An organization’s operations staff places payment files in a shared network folder and then the disbursement
staff picks up the files for payment processing. This manual intervention will be automated some months later,
thus cost-efficient controls are sought to protect against file alterations. Which of the following would be the
BEST solution?

Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?

An organization that outsourced its payroll processing performed an independent assessment of the security
controls of the third party, per policy requirements. Which of the following is the MOST useful requirement to
include in the contract?

An organization is entering into an agreement with a new business partner to conduct customer mailings. What
is the MOST important action that the information security manager needs to perform?

Of the following, retention of business records should be PRIMARILY based on:

The root cause of a successful cross site request forgery (XSRF) attack against an application is that the
vulnerable application:

An effective way of protecting applications against Structured Query Language (SQL) injection vulnerability is
to:

Which of the following is the BEST approach for improving information security management processes?

What is the MOST cost-effective method of identifying new vendor vulnerabilities?

Which of the following is the MOST appropriate method of ensuring password strength in a large organization?