A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
Answer : B
What is the main reason to use a firewall to separate two parts of your internal network?
Answer : D
Security monitoring is an important control measure to make sure that the required security level is maintained. In order to realize 24/7 availability of the service, this service is outsourced to a partner in the cloud.
What should be an important control in the contract?
Answer : D
A security architect argues with the internal fire prevention team about the statement in the information security policy, that doors to confidential areas should be locked at all times. The emergency response team wants
to access to those areas in case of fire.
What is the best solution to this dilemma?
Answer : C
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?
Answer : B
What is a risk treatment strategy?
Answer : B
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a
number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and
external audits.
What component of the audit trail is the most important for an external auditor?
Answer : A