- (Exam Topic 2)
When working in the Payment Card Industry (PCI), how often should security logs be review to comply with the standards?

1. A. Daily
2. B. Hourly
3. C. Weekly
4. D. Monthly

Correct Answer: A

- (Exam Topic 1)
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of

1. A. Risk Tolerance
2. B. Qualitative risk analysis
3. C. Risk Appetite
4. D. Quantitative risk analysis

Correct Answer: D

- (Exam Topic 4)
Which of the following backup sites takes the longest recovery time?

1. A. Cold site
2. B. Hot site
3. C. Warm site
4. D. Mobile backup site

Correct Answer: A

- (Exam Topic 5)
A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?

1. A. Service
2. B. Program
3. C. Portfolio
4. D. Cost center

Correct Answer: B

- (Exam Topic 1)
Which of the following is the MOST important for a CISO to understand when identifying threats?

1. A. How vulnerabilities can potentially be exploited in systems that impact the organization
2. B. How the security operations team will behave to reported incidents
3. C. How the firewall and other security devices are configured to prevent attacks
4. D. How the incident management team prepares to handle an attack

Correct Answer: A