A mission-critical system has been identified as having an administrative system account with attributes that
prevent locking and change of privileges and name. Which would be the BEST approach to prevent successful
brute forcing of the account?

A project manager is developing a developer portal and requests that the security manager assign a public IP
address so that it can be accessed by in-house staff and by external consultants outside the organization’s local
area network (LAN). What should the security manager do FIRST?

Which of the following would be of GREATEST importance to the security manager in determining whether to
accept residual risk?

A common concern with poorly written web applications is that they can allow an attacker to:

What mechanisms are used to identify deficiencies that would provide attackers with an opportunity to
compromise a computer system?

An online banking institution is concerned that the breach of customer personal information will have a
significant financial impact due to the need to notify and compensate customers whose personal information
may have been compromised. The institution determines that residual risk will always be too high and decides
to:

Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?

The PRIMARY purpose of using risk analysis within a security program is to:

Which of the following types of information would the information security manager expect to have the
LOWEST level of security protection in a large, multinational enterprise?

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate
the results of a security program?