A company wants to fill a Chief Information Security Officer position in the organization. They need to define and implement a more holistic security program. Which of the following qualifications and experience would be MOST desirable to find in a candidate?
A. Multiple certifications, strong technical capabilities and lengthy resume
B. Industry certifications, technical knowledge and program management skills
C. College degree, audit capabilities and complex project management
D. Multiple references, strong background check and industry certifications
Step-by-step procedures to regain normalcy in the event of a major earthquake are PRIMARILY covered by which of the following plans?
A. Incident response plan
B. Business Continuity plan
C. Disaster recovery plan
D. Damage control plan
Your incident response plan should include which of the following?
A. Procedures for litigation
B. Procedures for reclamation
C. Procedures for classification
D. Procedures for charge-back
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
A. The need to change accounting periods on a regular basis.
B. The requirement to post entries for a closed accounting period.
C. The need to create and modify the chart of accounts and its allocations.
D. The lack of policies and procedures for the proper segregation of duties.
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
A. In-line hardware keyloggers don't require physical access
B. In-line hardware keyloggers don't comply with industry regulations
C. In-line hardware keyloggers are undetectable by software
D. In-line hardware keyloggers are relatively inexpensive
At what level of governance are individual projects monitored and managed?
A. Program
B. Milestone
C. Enterprise
D. Portfolio
A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?
A. Service
B. Program
C. Portfolio
D. Cost center
Involvement of senior management is MOST important in the development of:
A. IT security implementation plans.
B. Standards and guidelines.
C. IT security policies.
D. IT security procedures.
If the result of an NPV is positive, then the project should be selected. The net present value shows the present value of the project, based on the decisions taken for its selection. What is the net present value equal to?
A. Net profit - per capita income
B. Total investment - Discounted cash
C. Average profit - Annual investment
D. Initial investment - Future value
Which of the following is the MOST effective method for discovering common technical vulnerabilities within the IT environment?
A. Reviewing system administrator logs
B. Auditing configuration templates
C. Checking vendor product releases
D. Performing system scans