The amount of risk an organization is willing to accept in pursuit of its mission is known as
A. Risk acceptance
B. Risk transfer
C. Risk tolerance
D. Risk mitigation
Correct answer: C
Question 2:
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
A. Value of the asset multiplied by the loss expectancy
B. Total loss expectancy multiplied by the total loss frequency
C. Single loss expectancy multiplied by the annual rate of occurrence
D. Replacement cost multiplied by the single loss expectancy
Correct answer: C
Question 3:
What oversight should the information security team have in the change management process for application security?
A. Information security should be informed of changes to applications only
B. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production
C. Development team should tell the information security team about any application security flaws
D. Information security should be aware of all application changes and work with developers before changes are deployed in production
Correct answer: B
Question 4:
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
A. Understand all regulations affecting the organization
B. Understand the business goals of the organization
C. Possess a strong auditing background
D. Possess a strong technical background
Correct answer: B
Question 5:
Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?
A. Governance
B. Compliance
C. Management
D. Awareness
Correct answer: A
Question 6:
As a new CISO at a large healthcare company, you are told that everyone has to badge in to get into the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer, you see there is no badge reader. What should you do?
A. Nothing, this falls outside your area of influence.
B. Close and chain the door shut and send a company-wide memo banning the practice.
C. Post a guard at the door to maintain physical security
D. Have a risk assessment performed.
Correct answer: D
Question 7:
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?
A. ISO 27001
B. ISO 27005
C. ISO 27004
D. ISO 27002
Correct answer: B
Question 8:
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
A. Provide the business units with control mandates and schedules of audits for compliance validation
B. Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
C. Create separate controls for the business units based on the types of business and functions they perform
D. Ensure business units are involved in the creation of controls and defining conditions under which they must be applied
Correct answer: D
黒川** -
Thanks to Pass4Test for providing valid questions. The practice question set is very handy.