A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

1. A. Instruct the vendor to conduct penetration testing.
2. B. Suspend the connection to the application in the firewall
3. C. Report the situation to the business owner of the application.
4. D. Initiate the organization's incident response process.

Correct Answer: C

When deciding to move to a cloud-based model, the FIRST consideration should be:

1. A. storage in a shared environment.
2. B. availability of the data.
3. C. data classification.
4. D. physical location of the data.

Correct Answer: C

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

1. A. Integrate information security risk assessments into the procurement process.
2. B. Provide regular information security training to the procurement team.
3. C. Invite IT members into regular procurement team meetings to influence best practice.
4. D. Enforce the right to audit in procurement contracts with SaaS vendors.

Correct Answer: A

Which of the following security processes will BEST prevent the exploitation of system vulnerabilities?

1. A. Intrusion detection
2. B. Log monitoring
3. C. Patch management
4. D. Antivirus software

Correct Answer: C

The PRIMARY objective of a post-incident review of an information security incident is to:

1. A. update the risk profile
2. B. minimize impact
3. C. prevent recurrence.
4. D. determine the impact

Correct Answer: C
The primary objective of a post-incident review of an information security incident is to identify the root cause of the incident and determine what can be done to prevent a similar incident from happening in the future. This process helps organizations to learn from past incidents and make improvements to their security posture to reduce the risk of future incidents. By conducting a thorough post-incident review, organizations can identify areas for improvement in their security controls, policies, and procedures, and implement changes to prevent similar incidents from happening in the future. Other important objectives of a post-incident review may include updating the risk profile, minimizing impact, and determining the impact of the incident, but the main focus should be on identifying ways to prevent recurrence.