Question: 1
Which of the following is MOST important to consider when determining the criticality and sensitivity of an information asset?
Question: 2
An organization is in the process of adopting a hybrid data infrastructure, transferring all non-core applications to cloud service providers, and maintaining all core business functions in-house. The
information security manager has determined a defense in depth strategy should be used. Which of the following BEST describes this strategy?
Question: 3
Which of the following is the PRIMARY reason that an information security manager would contract with an external provider to perform penetration testing?
Question: 4
An organization's security policy is to disable access to USB storage devices on laptops and desklops. Which of the following is the STRONGEST justification for granting an exception to the policy?
Question: 5
An information security manager wants to document requirements detailing the minimum security controls required for user workstations.
Which of the following resources would be MOST appropriate for this purpose'?