Q1. The application of which of the following standards would BEST reduce the potential for data breaches? 

A. ISO 9000 

B. ISO 20121 

C. ISO 26000 

D. ISO 27001 

View Answer

Q2. How does an organization verify that.an.information system's.current hardware and software match the standard system configuration? 

A. By reviewing the configuration after the system goes into production 

B. By running vulnerability scanning tools on all devices in the environment 

C. By comparing the actual configuration of the system against the baseline 

D. By verifying all the approved security patches are implemented 

View Answer

Q3. Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen? 

A. Set up a BIOS and operating system password 

B. Encrypt the virtual drive where confidential files can be stored 

C. Implement a mandatory policy in which sensitive data cannot be stored on laptops, but only on the corporate network 

D. Encrypt the entire disk and delete contents after a set number of failed access attempts 

View Answer

Q4. How can lessons learned from business continuity training and actual recovery incidents BEST be used? 

A. As a means for improvement 

B. As alternative options for awareness and training 

C. As indicators of a need for policy 

D. As business function gap indicators 

View Answer

Q5. Which of the following standards/guidelines requires an Information Security Management System (ISMS) to be defined? 

A. International Organization for Standardization (ISO) 27000 family 

B. Information Technology Infrastructure Library (ITIL) 

C. Payment Card Industry Data Security Standard (PCIDSS) 

D. ISO/IEC 20000 

View Answer

Q6. What type of encryption is used to protect sensitive data in transit over a network? 

A. Payload encryption and transport encryption 

B. Authentication Headers (AH) 

C. Keyed-Hashing for Message Authentication 

D. Point-to-Point Encryption (P2PE) 

View Answer

Q7. Which of the following BEST describes Recovery Time Objective (RTO)? 

A. Time of data validation after disaster 

B. Time of data restoration from backup after disaster 

C. Time of application resumption after disaster 

D. Time of application verification after disaster 

View Answer

Q8. The stringency of an Information Technology (IT) security assessment will be determined by the 

A. system's past security record. 

B. size of the system's database. 

C. sensitivity of the system's data. 

D. age of the system. 

View Answer

Q9. Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy? 

A. Discretionary Access Control (DAC) procedures 

B. Mandatory Access Control (MAC) procedures 

C. Data link encryption 

D. Segregation of duties 

View Answer

Q10. An organization is designing a large enterprise-wide document repository system. They plan to have several different classification level areas with increasing levels of controls. The BEST way to ensure document confidentiality in the repository is to 

A. encrypt the contents of the repository and document any exceptions to that requirement. 

B. utilize Intrusion Detection System (IDS) set drop connections if too many requests for documents are detected. 

C. keep individuals with access to high security areas from saving those documents into lower security areas. 

D. require individuals with access to the system to sign Non-Disclosure Agreements (NDA). 

View Answer