01. Which of the following is the BEST indicator that incident response training is effective?
a) Decreased reporting of security incidents to the response team
b) Increased reporting of security incidents to the response team
c) Decreased number of password resets
d) Increased number of identified system vulnerabilities
02. Which of the following factors will have the GREATEST impact on the type of information security governance model that an enterprise adopts?
a) The number of employees
b) The enterprise’s budget
c) The organizational structure
d) The type of technology that the enterprise uses
03. An enterprise learns of a security breach at another entity using similar network technology. The MOST important action for a risk practitioner is to:
a) Assess the likelihood of the incident occurring at the risk practitioner’s enterprise
b) Discontinue the use of the vulnerable technology
c) Report to senior management that the enterprise is not affected
d) Remind staff that no similar security breaches have taken place
04. Which of the following is MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?
a) The approved budget of the project
b) The frequency of incidents
c) The annual loss expectancy of incidents
d) The total cost of ownership
05. A global financial institution has decided not to take any further action on a denial-of-service vulnerability found by the risk assessment team. The MOST likely reason for making this decision is that:
a) The needed countermeasure is too complicated to deploy
b) There are sufficient safeguards in place to prevent this risk from happening
c) The likelihood of the risk occurring is unknown
d) The cost of countermeasure outweighs the value of the asset and potential loss
06. Which of the following examples includes ALL required components of a risk calculation?
a) Over the next quarter, it is estimated that there is a 30 percent chance of two projects failing to meet a contract deadline, resulting in a US $500,000 fine related to breach of service level agreements
b) Security experts believe that if a system is compromised, it will result in the loss of US $15 million in lost contracts
c) The likelihood of disk corruption resulting from a single event of uncontrolled system power failure is estimated by engineers to be 15 percent
d) The impact to security of a business line of a malware-related workstation event is estimated to be low
07. Which of the following is MOST useful in developing a series of recovery time objectives?
a) Regression analysis
b) Risk analysis
c) Gap analysis
d) Business impact analysis
08. In an operational review of the processing environment, which indicator would be MOST beneficial?
a) User satisfaction
b) Audit findings
c) Regulatory changes
d) Management changes
09. Which of the following is the BEST way to ensure that contract programmers comply with organizational security policies?
a) Have the contractors acknowledge the security policies in writing
b) Explicitly refer to contractors in the security standards
c) Perform periodic security reviews of the contractors
d) Create penalties for noncompliance in the contracting agreement
10. An IT organization has put in place an anti-malware system to reduce risk. Assuming the control is working within specified parameters, which of the following statements BEST describes how this control reduces risk?
a) The control reduces the probability of malware on company computers but does not reduce the impact of those attacks
b) The control reduces the impact of malware on company computers but does not reduce the probability of those attacks
c) The control reduces the probability and impact of malware on company computers
d) The control reduces neither probability nor impact of malware on company computers