Data owners will determine what access and authorizations users will have by:

Which of the following is the MOST effective at preventing an unauthorized individual from following an
authorized person through a secured entrance (tailgating or piggybacking)?

What is the MOS T cost-effective means of improving security awareness of staff personnel?

An information security manager reviewing firewall rules will be MOST concerned if the firewall allows:

A third party was engaged to develop a business application. Which of the following would an information
security manager BEST test for the existence of back doors?

The implementation of continuous monitoring controls is the BEST option where:

The PRIMARY reason for involving information security at each stage in the systems development life cycle
(SDLC) is to identify the security implications and potential solutions required for:

When defining a service level agreement (SLA) regarding the level of data confidentiality that is handled by a
third-party service provider, the BEST indicator of compliance would be the:

Several business units reported problems with their systems after multiple security patches were deployed. The
FIRST step in handling this problem would be to:

An organization’s information security manager has been asked to hire a consultant to help assess the maturity
level of the organization’s information security management. The MOST important element of the request for
proposal (RIP) is the: