- (Exam Topic 5)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

1. A. Contract a third party to perform a security risk assessment
2. B. Define formal roles and responsibilities for Internal audit functions
3. C. Define formal roles and responsibilities for Information Security
4. D. Create an executive security steering committee

Correct Answer: C

- (Exam Topic 6)
What key technology can mitigate ransomware threats?

1. A. Use immutable data storage
2. B. Phishing exercises
3. C. Application of multiple end point anti-malware solutions
4. D. Blocking use of wireless networks

Correct Answer: A
Reference:
https://cloud.google.com/blog/products/identity-security/5-pillars-of-protection-to-prevent-ransomware-attacks

- (Exam Topic 5)
Which type of physical security control scan a person’s external features through a digital video camera before granting access to a restricted area?

1. A. Iris scan
2. B. Retinal scan
3. C. Facial recognition scan
4. D. Signature kinetics scan

Correct Answer: C

- (Exam Topic 5)
SCENARIO: A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization’s needs.
The CISO is unsure of the information provided and orders a vendor proof of concept to validate the system’s scalability. This demonstrates which of the following?

1. A. An approach that allows for minimum budget impact if the solution is unsuitable
2. B. A methodology-based approach to ensure authentication mechanism functions
3. C. An approach providing minimum time impact to the implementation schedules
4. D. A risk-based approach to determine if the solution is suitable for investment

Correct Answer: D

- (Exam Topic 1)
Which of the following provides an audit framework?

1. A. Control Objectives for IT (COBIT)
2. B. Payment Card Industry-Data Security Standard (PCI-DSS)
3. C. International Organization Standard (ISO) 27002
4. D. National Institute of Standards and Technology (NIST) SP 800-30

Correct Answer: A