- (Topic 1)
What is the main purpose of the Incident Response Team?

1. A. Ensure efficient recovery and reinstate repaired systems
2. B. Create effective policies detailing program activities
3. C. Communicate details of information security incidents
4. D. Provide current employee awareness programs

Correct Answer: A

- (Topic 1)
Risk appetite directly affects what part of a vulnerability management program?

1. A. Staff
2. B. Scope
3. C. Schedule
4. D. Scan tools

Correct Answer: B

- (Topic 1)
Which of the following international standards can be BEST used to define a Risk Management process in an organization?

1. A. National Institute for Standards and Technology 800-50 (NIST 800-50)
2. B. International Organization for Standardizations – 27005 (ISO-27005)
3. C. Payment Card Industry Data Security Standards (PCI-DSS)
4. D. International Organization for Standardizations – 27004 (ISO-27004)

Correct Answer: B

- (Topic 4)
What type of attack requires the least amount of technical equipment and has the highest success rate?

1. A. War driving
2. B. Operating system attacks
3. C. Social engineering
4. D. Shrink wrap attack

Correct Answer: C

- (Topic 3)
Your company has a “no right to privacy” notice on all logon screens for your information
systems and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to one of her employee’s email account. What should you do? (choose the BEST answer):

1. A. Grant her access, the employee has been adequately warned through the AUP.
2. B. Assist her with the request, but only after her supervisor signs off on the action.
3. C. Reset the employee’s password and give it to the supervisor.
4. D. Deny the request citing national privacy laws.

Correct Answer: B