Question 1

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Options :

A : Define policies and standards for data processing.

B : Implement applicable privacy principles.

C : Research cyber insurance policies.

D : Assess local or regional regulation.

Answer: D

Question 2

During the due diligence phase of an acquisition, the MOST important course of action for an information security manager is to:

Options :

A : review the state of security awareness

B : review information security policies

C : perform a risk assessment

D : perform a gap analysis

Answer: C

Question 3

The PRIMARY objective of performing a post-incident review is to:

Options :

A : identify control improvements

B : identify vulnerabilities

C : re-evaluate the impact of incidents

D : identify the root cause

Answer: A

Question 4

An organization is the victim or a targeted attack and is unaware of the compromise until a security analyst notices an additional user account on the firewall. The implementation of which of the following would have detected the incident?

Options :

A : Web-application firewall

B : Security information and event management (SIEM)

C : Data leakage prevention (DLP)

D : Network access control

Answer: B

Question 5

An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?

Options :

A : The third party has not provided evidence of compliance with local regulations where data is generated.

B : The third party does not have an independent assessment of controls available for review.

C : The third party’s service level agreement (SLA) does not include guarantees of uptime.

D : The third-party contract does not include an indemnity clause for compensation in the event of a breach.

Answer: D