Q1. Which of the following is the BEST indication of an effective information security program?
A. Risk is treated to an acceptable level.
B. The number of security incidents reported by staff has increased.
C. Key risk indicators (KRIs) are established.
D. Policies are reviewed and approved by senior management.
Correct Answer: A
Q2. An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization's CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
A. Temporarily suspend wire transfers for the organization.
B. Provide awareness training to the CEO for this type of phishing attack.
C. Provide awareness training to staff responsible for wire transfers.
D. Disable emails for staff responsible for wire transfers.
Correct Answer: C
Q3. When analyzing the emerging risk and threat landscape, an information security manager should FIRST:
A. determine the impact if threats materialize.
B. determine the sources of emerging threats.
C. review historical threats within the industry.
D. map threats to business assets.
Correct Answer: B
Q4. Which of the following is the BEST indication of an effective disaster recovery planning process?
A. Hot sites are required for any declared disaster.
B. Chain of custody is maintained throughout the disaster recovery process.
C. Post-incident reviews are conducted after each event.
D. Recovery time objectives (RTOs) are shorter than recovery point objectives (RPOs).
Correct Answer: C