- (Topic 1)
What is the SECOND step to creating a risk management methodology according to the National Institute of Standards and Technology (NIST) SP 800-30 standard?
Correct Answer: D
- (Topic 2)
Which is the BEST solution to monitor, measure, and report changes to critical data in a system?
Correct Answer: B
- (Topic 3)
Which business stakeholder is accountable for the integrity of a new information system?
Correct Answer: A
- (Topic 3)
Which of the following functions evaluates patches used to close software vulnerabilities of new systems to assure compliance with policy when implementing an information security program?
Correct Answer: A
- (Topic 3)
The Security Operations Center (SOC) just purchased a new intrusion prevention system (IPS) that needs to be deployed in-line for best defense. The IT group is concerned about putting the new IPS in-line because it might negatively impact network availability. What would be the BEST approach for the CISO to reassure the IT group?
Correct Answer: D