A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?
A. Define additional security controls directly after the merger
B. Include a procurement officer in the merger team
C. Verify all contracts before a merger occurs
D. Assign a compliance officer to review the merger conditions
When determining who can accept the risk associated with a vulnerability, which of the following is MOST important?
A. Countermeasure effectiveness
B. Type of potential loss
C. Incident likelihood
D. Information ownership
Which of the following mandates the amount and complexity of security controls applied to a security risk?
A. Security vulnerabilities
B. Risk tolerance
C. Risk mitigation
D. Security staff
Which of the following entails identification of data and links to business processes, applications, and data stores, as well as assignment of ownership responsibilities?
A. Security governance
B. Risk management
C. Security portfolio management
D. Risk assessment
What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
A. Smurfing
B. Man-in-the-Middle (MITM) attack
C. Session redirect
D. Spoofing
In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
A. Physical Layer
B. Application Layer
C. Data-Link Layer
D. Network Layer
A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
A. 25%
B. 50%
C. 75%
D. 100%
Intellectual property rights are PRIMARILY concerned with which of the following?
A. Owner's ability to realize financial gain
B. Owner's ability to maintain copyright
C. Right of the owner to enjoy their creation
D. Right of the owner to control delivery method
An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
A. Development, testing, and deployment
B. Prevention, detection, and remediation
C. People, technology, and operations
D. Certification, accreditation, and monitoring