Last Updated on December 23, 2021 by Admin
Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?
Encrypting first by receiver’s private key and second by sender’s public key
Encrypting first by sender’s private key and second by receiver’s public key
Encrypting first by sender’s private key and […]
Monthly Archives: December 2021
The PRIMARY reason for classifying assets is to:
balance asset value and protection measures.
identify low-value assets with insufficient controls.
establish clear lines of authority and ownership for the asset.
inform senior management of the organization’s risk posture.
The MAIN goal of an information security strategic plan is to:
develop a risk assessment plan.
develop a data protection plan.
protect information assets and resources.
establish security governance.
Explanation: The main goal of an information security strategic plan is to protect information assets and resources. Developing […]
Which of the following is a key area of the ISO 27001 framework?
Operational risk assessment
Financial crime metrics
Capacity management
Business continuity management
Explanation: Operational risk assessment, financial crime metrics and capacity management can complement the information security framework, but only business continuity management is a […]
Which of the following would be the BEST metric for the IT risk management process?
Number of risk management action plans
Percentage of critical assets with budgeted remedial
Percentage of unresolved risk exposures
Number of security incidents identified
Explanation: Percentage of unresolved risk exposures and the number […]
When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?
Number of controls
Cost of achieving control objectives
Effectiveness of controls
Test results of controls
Explanation: Comparison of […]
An organization without any formal information security program that has decided to implement information security best practices should FIRST:
invite an external consultant to create the security strategy.
allocate budget based on best practices.
benchmark similar organizations.
define high-level business security requirements.
Explanation: All four options are […]
In an organization, information systems security is the responsibility of:
all personnel.
information systems personnel.
information systems security personnel.
functional personnel.
Explanation: All personnel of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel. Information systems security […]
What is the MOST important item to be included in an information security policy?
The definition of roles and responsibilities
The scope of the security program
The key objectives of the security program
Reference to procedures and standards of the security program
Explanation: Stating the objectives of […]
To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:
revise the information security program.
evaluate a balanced business scorecard.
conduct regular user awareness sessions.
perform penetration tests.
Explanation: The balanced business scorecard can track the effectiveness […]