Which of the following is the MOST important benefit of an effective security governance process?
A. Better vendor management
B. Reduction of liability and overall risk to the organization
C. Senior management participation in the incident response process
D. Reduction of security breaches
Correct answer: B
Question 2:
Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?
A. Risk Management
B. System Testing
C. Vulnerability Assessment
D. Risk Assessment
Correct answer: D
Question 3:
You have just been hired as the new CISO and are being briefed on all the information security projects that your section has ongoing. You discover that most projects are behind schedule and over budget.
Using best business practices for project management, you determine that the project correctly aligns with the company goals and that the scope of the project is correct. What is the NEXT step?
A. Verify resources
B. Verify budget
C. Verify constraints
D. Review time schedules
Correct answer: A
Question 4:
Acme Inc. has engaged a third-party vendor to provide 99.999% uptime for their online web presence and had them contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting?
(choose the BEST answer):
A. medium-high risk-tolerance
B. high risk-tolerance
C. moderate risk-tolerance
D. low risk-tolerance
Correct answer: D
Question 5:
Which of the following is considered one of the most frequent failures in project management?
A. Overly restrictive management
B. Excessive personnel on project
C. Insufficient resources
D. Failure to meet project deadlines
Correct answer: D
Question 6:
Which of the following is a benefit of information security governance?
A. Questioning the trust in vendor relationships.
B. Increasing the risk of decisions based on incomplete management information.
C. Reduction of the potential for civil and legal liability
D. Direct involvement of senior management in developing control processes
Correct answer: C
Question 7:
Control Objectives for Information and Related Technology (COBIT) is which of the following?
A. A framework for Information Technology management and governance
B. A set of international regulations for Information Technology governance
C. An Information Security audit standard
D. An audit guideline for certifying secure systems and controls
Correct answer: A
Kasahara -
512-50 is basically a course of study that covers terminology and its overview, so I don't think practical past-exam questions are as necessary as they are for linguistics, but even so, the number of past questions included is on the small side.