Question 1

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Options :

A : Determine the risk tolerance

B : Perform an asset classification

C : Create an architecture gap analysis

D : Analyze existing controls on systems

Answer: B

Question 2

Which of the following is a major benefit of applying risk levels?

Options :

A : Risk management governance becomes easier since most risks remain low once mitigated

B : Resources are not wasted on risks that are already managed to an acceptable level

C : Risk budgets are more easily managed due to fewer identified risks as a result of using a methodology

D : Risk appetite can increase within the organization once the levels are understood

Answer: B

Question 3

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

Options :

A : NIST and Privacy Regulations

B : ISO 27000 and Payment Card Industry Data Security Standards

C : NIST and data breach notification laws

D : ISO 27000 and Human resources best practices

Answer: B

Question 4

The effectiveness of an audit is measured by?

Options :

A : The number of actionable items in the recommendations

B : How it exposes the risk tolerance of the company

C : How the recommendations directly support the goals of the company

D : The number of security controls the company has in use

Answer: C

Question 5

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and

uses the special card in order to access the restricted area of the target company. Just as the employee opens

the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so

that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options :

A : Post a sign that states, ''no tailgating'' next to the special card reader adjacent to the secure door

B :

Issue special cards to access secure doors at the company and provide a one-time only brief description of

use of the special card

C : Educate and enforce physical security policies of the company to all the employees on a regular basis

D : Setup a mock video camera next to the special card reader adjacent to the secure door

Answer: C