Question 1

Which of the following methods are used to define contractual obligations that force a vendor to meet customer expectations?

Options :

A : Terms and Conditions

B : Service Level Agreements (SLA)

C : Statement of Work

D : Key Performance Indicators (KPI)

Answer: B

Question 2

When a CISO considers delaying or not remediating system vulnerabilities which of the following are MOST important to take into account?

Options :

A : Threat Level, Risk of Compromise, and Consequences of Compromise

B : Risk Avoidance, Threat Level, and Consequences of Compromise

C : Risk Transfer, Reputational Impact, and Consequences of Compromise

D : Reputational Impact, Financial Impact, and Risk of Compromise

Answer: A

Question 3

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

Options :

A : Perform an audit to measure the control formally

B : Escalate the issue to the IT organization

C : Perform a risk assessment to measure risk

D : Establish Key Risk Indicators

Answer: C

Question 4

What does RACI stand for?

Options :

A : Reasonable, Actionable, Controlled, and Implemented

B : Responsible, Actors, Consult, and Instigate

C : Responsible, Accountable, Consulted, and Informed

D : Review, Act, Communicate, and Inform

Answer: C

Question 5

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

Options :

A : Perform an audit to measure the control formally

B : Escalate the issue to the IT organization

C : Perform a risk assessment to measure risk

D : Establish Key Risk Indicators

Answer: C