Question 1

An experienced security manager is well aware of the risks related to communication over the internet. She also knows that Public Key Infrastructure (PKI) can be used to keep e-mails between employees confidential.

Which is the main risk of PKI?

Options :

A : The Certificate Authority (CA) is hacked.

B : The certificate is invalid because it is on a Certificate Revocation List.

C : The users lose their public keys.

D : The HR department wants to be a Registration Authority (RA).

Answer: A

Question 2

What is the main reason to use a firewall to separate two parts of your internal network? •

Options :

A : To control traffic intensity between two network segments

B : To decrease network loads

C : To enable the installation of an Intrusion Detection System

D : To separate areas with different confidentiality requirements

Answer: D

Question 3

The Board of Directors of an organization is accountable for obtaining adequate assurance. Who should be responsible for coordinating the information security awareness campaigns?

Options :

A : The Board of Directors

B : The operational manager

C : The security manager

D : The user

Answer: C

Question 4

A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.

What is the best option for the treatment of risks?

Options :

A : Begin risk remediation immediately as the organization is currently at risk

B : Decide the criteria for determining if the risk can be accepted

C : Design appropriate controls to reduce the risk

D : Remediate the risk regardless of cost

Answer: B