An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents. Which of the following would be considered a MAJOR constraint for the project?
A. Time zone differences
B. Compliance with local hiring laws
C. Encryption import/export regulations
D. Local customer privacy laws
Which of the following represents the BEST method for obtaining business unit acceptance of security controls within an organization?
A. Allow the business units to decide which controls apply to their systems, such as the encryption of sensitive data
B. Create separate controls for the business units based on the types of business and functions they perform
C. Ensure business units are involved in the creation of controls and defining conditions under which they must be applied
D. Provide the business units with control mandates and schedules of audits for compliance validation
Which of the following best describes the sensors designed to project and detect a light beam across an area?
A. Smoke
B. Thermal
C. Air-aspirating
D. Photoelectric
At what level of governance are individual projects monitored and managed?
A. Program
B. Milestone
C. Enterprise
D. Portfolio
Which of the following information would MOST likely be reported at the board-level within an organization?
A. System scanning trends and results as they pertain to insider and external threat sources
B. The capabilities of a security program in terms of staffing support
C. Significant risks and security incidents that have been discovered since the last assembly of the membership
D. The numbers and types of cyberattacks experienced by the organization since the last assembly of the membership
A large number of accounts in a hardened system were suddenly compromised to an external party. Which of the following is the MOST probable threat actor involved in this incident?
A. Poorly configured firewalls
B. Malware
C. Advanced Persistent Threat (APT)
D. An insider
Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers."
Which group of people should be consulted when developing your security program?
A. Peers
B. End Users
C. Executive Management
D. All of the above
The total cost of security controls should:
A. Be equal to the value of the information resource being protected
B. Be greater than the value of the information resource being protected
C. Be less than the value of the information resource being protected
D. Should not matter, as long as the information resource is protected
Which of the following is the MOST important reason for performing assessments of the security portfolio?
A. To assure that the portfolio is aligned to the needs of the broader organization
B. To create executive support of the portfolio
C. To discover new technologies and processes for implementation within the portfolio
D. To provide independent third-party reviews of security effectiveness
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security-centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?
A. Compliance-centric agenda
B. IT security-centric agenda
C. Lack of risk management process
D. Lack of sponsorship from executive management