Question 1

What is the main purpose of the Incident Response Team?

Options :

A : Ensure efficient recovery and reinstate repaired systems

B : Create effective policies detailing program activities

C : Communicate details of information security incidents

D : Provide current employee awareness programs

Answer: A

Question 2

The effectiveness of an audit is measured by?

Options :

A : The number of actionable items in the recommendations

B : How it exposes the risk tolerance of the company

C : How the recommendations directly support the goals of the company

D : The number of security controls the company has in use

Answer: C

Question 3

File Integrity Monitoring (FIM) is considered a

Options :

A : Network based security preventative control

B : Software segmentation control

C : Security detective control

D : User segmentation control

Answer: C

Question 4

Which of the following is the MOST logical method of deploying security controls within an organization?

Options :

A : Obtain funding for all desired controls and then create project plans for implementation

B : Apply the simpler controls as quickly as possible and use a risk-based approach for the more difficult andcostly controls

C : Apply the least costly controls to demonstrate positive program activity

D : Obtain business unit buy-in through close communication and coordination

Answer: B

Question 5

Which of the following is a countermeasure to prevent unauthorized database access from web applications?

Options :

A : Session encryption

B : Removing all stored procedures

C : Input sanitization

D : Library control

Answer: C