Question 1

Which of the following is the MOST important consideration when reporting on the status of information security activities?

Options :

A : The report is comprehensive

B : The report is updated on a regular basis

C : The report is tailored to stakeholder needs

D : The report structure is consistent with industry standards

Answer: C

Question 2

When scoping a risk assessment, assets need to be classified by:

Options :

A : sensitivity and criticality.

B : likelihood and impact.

C : threats and opportunities.

D : redundancy and recoverability.

Answer: A

Question 3

Which of the following is the MOST important consideration when developing incident classification methods?

Options :

A : Data classification

B : Data owner input

C : Service level agreements (SLAs)

D : Business impact

Answer: D

Question 4

Which of the following is the MOST important detail to capture in an organization's risk register?

Options :

A : Risk acceptance criteria

B : Risk severity level

C : Risk ownership

D : Risk appetite

Answer: C

Question 5

When deciding to move to a cloud-based model, the FIRST consideration should be:

Options :

A : data classification

B : physical location of the data

C : storage in a shared environment

D : availability of the data

Answer: A