An internal review of a web-based application system finds the ability to gain access to all
employees’ accounts by changing the employee’s ID on the URL used for accessing the account.
The vulnerability identified is:

A test plan to validate the security controls of a new system should be developed during which
phase of the project?

The MOST effective way to ensure that outsourced service providers comply with the
organization’s information security policy would be:

In order to protect a network against unauthorized external connections to corporate systems, the
information security manager should BEST implement:

The PRIMARY driver to obtain external resources to execute the information security program is
that external resources can:

Priority should be given to which of the following to ensure effective implementation of information
security governance?

The MAIN reason for deploying a public key infrastructure (PKI) when implementing an information
security program is to:

Which of the following controls would BEST prevent accidental system shutdown from the console
or operations area?

Which of the following is the MOST important reason why information security objectives should
be defined?

What is the BEST policy for securing data on mobile universal serial bus (USB) drives?