Which of the following is the BEST indicator of an organization's information security status?

1. A. Intrusion detection log analysis
2. B. Controls audit
3. C. Threat analysis
4. D. Penetration test

Correct Answer: B

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

1. A. enhance the organization's antivirus controls.
2. B. eliminate the risk of data loss.
3. C. complement the organization's detective controls.
4. D. reduce the need for a security awareness program.

Correct Answer: B

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS). The lead security engineer has just identified a major security vulnerability at the primary cloud provider. Within the organization, who is PRIMARILY accountable for the associated task?

1. A. The information security manager
2. B. The data owner
3. C. The application owner
4. D. The security engineer

Correct Answer: B

Which of the following is MOST helpful for determining which information security policies should be implemented by an organization?

1. A. Risk assessment
2. B. Business impact analysis (BIA)
3. C. Vulnerability assessment
4. D. Industry best practices

Correct Answer: A

When collecting admissible evidence, which of the following is the MOST important requirement?

1. A. Need to know
2. B. Preserving audit logs
3. C. Due diligence
4. D. Chain of custody

Correct Answer: D
The most important requirement when collecting admissible evidence is the chain of custody. The chain of
custody is a documented record of who had control of the evidence at any given time, from the point of collection until the evidence is presented in court. This is important in order to ensure the evidence can be authenticated and is not subject to tampering or any other form of interference. Other important considerations include need to know, preserving audit logs, and due diligence.