Which is the BEST way to measure and prioritize aggregate risk deriving from a chain of linked
system vulnerabilities?

In which of the following system development life cycle (SDLC) phases are access control and
encryption algorithms chosen?

Which of the following is generally considered a fundamental component of an information security
program?

How would an organization know if its new information security program is accomplishing its
goals?

Which of the following is the BEST method to reduce the number of incidents of employees
forwarding spam and chain e-mail messages?

Which of the following is the BEST approach to mitigate online brute-force attacks on user
accounts?

Which of the following measures is the MOST effective deterrent against disgruntled stall abusing
their privileges?

The advantage of sending messages using steganographic techniques, as opposed to utilizing
encryption, is that:

As an organization grows, exceptions to information security policies that were not originally
specified may become necessary at a later date. In order to ensure effective management of
business risks, exceptions to such policies should be:

There is reason to believe that a recently modified web application has allowed unauthorized
access. Which is the BEST way to identify an application backdoor?