Certified Information Systems Security Professional – CISSP – Question074

When developing a business case for updating a security program, the security program owner MUST do which of the following?

A. Identify relevant metrics
B. Prepare performance test reports
C. Obtain resources for the security program
D. Interview executive management

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question072

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

A. Mandatory Access Control (MAC) procedures
B. Discretionary Access Control (DAC) procedures
C. Segregation of duties
D. Data link encryption

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question071

What is the MAIN goal of information security awareness and training?

A. To inform users of the latest malware threats
B. To inform users of information assurance responsibilities
C. To comply with the organization information security policy
D. To prepare students for certification

Correct Answer: B

Certified Information Systems Security Professional – CISSP – Question070

Which security approach will BEST minimize Personally Identifiable Information (PII) loss from a data breach?

A. End-to-end data encryption for data in transit
B. Continuous monitoring of potential vulnerabilities
C. A strong breach notification process
D. Limited collection of individuals’ confidential data

Correct Answer: D

Certified Information Systems Security Professional – CISSP – Question069

Which of the following is a responsibility of a data steward?

A. Ensure alignment of the data governance effort to the organization.
B. Conduct data governance interviews with the organization.
C. Document data governance requirements.
D. Ensure that data decisions and impacts are communicated to the organization.

Correct Answer: A

Certified Information Systems Security Professional – CISSP – Question068

Which of the following is a characteristic of an internal audit?

A. An internal audit is typically shorter in duration than an external audit.
B. The internal audit schedule is published to the organization well in advance.
C. The internal auditor reports to the Information Technology (IT) department.
D. Management is responsible for reading and acting upon the internal audit results.

Correct Answer: D