Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?

Last Updated on December 23, 2021 by Admin Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message? Encrypting first by receiver’s private key and second by sender’s public key Encrypting first by sender’s private key and second by receiver’s public key Encrypting first by sender’s private key and […]
Continue reading…

 

The MAIN goal of an information security strategic plan is to:

Last Updated on December 23, 2021 by Admin The MAIN goal of an information security strategic plan is to: develop a risk assessment plan. develop a data protection plan. protect information assets and resources. establish security governance. Explanation: The main goal of an information security strategic plan is to protect information assets and resources. Developing […]
Continue reading…

 

Which of the following is a key area of the ISO 27001 framework?

Last Updated on December 23, 2021 by Admin Which of the following is a key area of the ISO 27001 framework? Operational risk assessment Financial crime metrics Capacity management Business continuity management Explanation: Operational risk assessment, financial crime metrics and capacity management can complement the information security framework, but only business continuity management is a […]
Continue reading…

 

Which of the following would be the BEST metric for the IT risk management process?

Last Updated on December 23, 2021 by Admin Which of the following would be the BEST metric for the IT risk management process? Number of risk management action plans Percentage of critical assets with budgeted remedial Percentage of unresolved risk exposures Number of security incidents identified Explanation: Percentage of unresolved risk exposures and the number […]
Continue reading…

 

When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?

Last Updated on December 23, 2021 by Admin When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance? Number of controls Cost of achieving control objectives Effectiveness of controls Test results of controls Explanation: Comparison of […]
Continue reading…

 

An organization without any formal information security program that has decided to implement information security best practices should FIRST:

Last Updated on December 23, 2021 by Admin An organization without any formal information security program that has decided to implement information security best practices should FIRST: invite an external consultant to create the security strategy. allocate budget based on best practices. benchmark similar organizations. define high-level business security requirements. Explanation: All four options are […]
Continue reading…

 

In an organization, information systems security is the responsibility of:

Last Updated on December 23, 2021 by Admin In an organization, information systems security is the responsibility of: all personnel. information systems personnel. information systems security personnel. functional personnel. Explanation: All personnel of the organization have the responsibility of ensuring information systems security-this can include indirect personnel such as physical security personnel. Information systems security […]
Continue reading…

 

What is the MOST important item to be included in an information security policy?

Last Updated on December 23, 2021 by Admin What is the MOST important item to be included in an information security policy? The definition of roles and responsibilities The scope of the security program The key objectives of the security program Reference to procedures and standards of the security program Explanation: Stating the objectives of […]
Continue reading…

 

To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:

Last Updated on December 23, 2021 by Admin To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should: revise the information security program. evaluate a balanced business scorecard. conduct regular user awareness sessions. perform penetration tests. Explanation: The balanced business scorecard can track the effectiveness […]
Continue reading…

 

Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?

Last Updated on December 23, 2021 by Admin Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices? Regular review of access control lists Security guard escort of visitors Visitor registry log at the door A biometric coupled with a […]
Continue reading…

 

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

Last Updated on December 23, 2021 by Admin Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate? Estimated reduction in risk Estimated increase in efficiency Projected costs over time Projected increase in maturity level
Continue reading…

 

Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?

Last Updated on December 23, 2021 by Admin Which of the following would be MOST helpful in gaining support for a business case for an information security initiative? Demonstrating organizational alignment Emphasizing threats to the organization Referencing control deficiencies Presenting a solution comparison matrix
Continue reading…