Topic 1: Exam Pool A
Question 1. Which of the following is MOST important to include when reporting information security risk to executive leadership?
A. Key performance objectives and budget trends
B. Security awareness training participation and residual risk exposures
C. Risk analysis results and key risk indicators (KRIs)
D. Information security risk management plans and control compliance
Answer: C. Risk analysis results and key risk indicators (KRIs)
Question 2. Information security awareness programs are MOST effective when they are:
A. sponsored by senior management.
B. reinforced by computer-based training.
C. conducted at employee orientation.
D. customized for each target audience.
Answer: D. customized for each target audience.
Question 3. Which of the following has the MOST direct impact on the usability of an organization's asset classification policy?
A. The support of IT management for the classification scheme
B. The granularity of classifications in the hierarchy
C. The frequency of updates to the organization's risk register
D. The business objectives of the organization
Answer: D. The business objectives of the organization
Question 4. An information security team is investigating an alleged breach of an organization's network. Which of the following would be the BEST single source of evidence to review?
A. File integrity monitoring (FIM) software
B. Antivirus software
C. Intrusion detection system (IDS)
D. Security information and event management (SIEM) tool
Answer: D. Security information and event management (SIEM) tool
Question 5. An information security risk analysis BEST assists an organization in ensuring that:
A. an appropriate level of funding is applied to security processes.
B. the organization implements appropriate security technologies.
C. the infrastructure has the appropriate level of access control.
D. cost-effective decisions are made with regard to which assets need protection.
Answer: D. cost-effective decisions are made with regard to which assets need protection.