Which of the following is the MOST important process that an information security manager needs to negotiate
with an outsource service provider?

Which of the following documents would be the BEST reference to determine whether access control
mechanisms are appropriate for a critical application?

A critical device is delivered with a single user and password that is required to be shared for multiple users to
access the device. An information security manager has been tasked with ensuring all access to the device is
authorized. Which of the following would be the MOST efficient means to accomplish this?

An information security manager has been asked to develop a change control process. What is the FIRST thing
the information security manager should do?

The PRIMARY focus of the change control process is to ensure that changes are:

Who is ultimately responsible for ensuring that information is categorized and that protective measures are
taken?

What is the MOST appropriate change management procedure for the handling of emergency programchanges?

Which of the following is the MOST immediate consequence of failing to tune a newly installed intrusion
detection system (IDS) with the threshold set to a low value?

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

A major trading partner with access to the internal network is unwilling or unable to remediate serious
information security exposures within its environment. Which of the following is the BEST recommendation?