A risk manager is asked to perform a complete risk assessment for a company.
A risk manager is asked to perform a complete risk assessment for a company. What is the best method to identify most of the threats to the company? A. Have a brainstorm with representatives of all stakeholders B. Interview top management C. Send a checklist for threat identification to all staff involved in information security.
A security architect argues with the internal fire prevention team about the statement in the information secu
A security architect argues with the internal fire prevention team about the statement in the information security policy that doors to confidential areas should be locked at all times. The emergency response team wants access to those areas in case of fire. What is the best solution to this dilemma? A. The security architect […]
When should information security controls be considered?
When should information security controls be considered? A. After the risk assessment B. As part of the scoping meeting C. At the kick-off meeting D. During the risk assessment work
A security manager just finished the final copy of a risk assessment.
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks. What is the best option for the treatment of risks? A. Begin risk remediation immediately as the organization is currently at risk B. Decide the […]
Which security item is designed to take collections of data from multiple computers?
Which security item is designed to take collections of data from multiple computers? A. Firewall B. Host-Based Intrusion Detection and Prevention System (Host-Based IDPS) C. Network-Based Intrusion Detection and Prevention System (Network-Based IDPS) D. Virtual Private Network (VPN)
Zoning is a security control to separate physical areas with different security levels.
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security. What combination of business functions should be combined into one security zone? A. Boardroom and general office space B. Computer […]