
CISMP-V9 Online Practice Questions and Answers

Question 4

In order to improve the security culture within an organisation using a top-down approach, which of the following actions at board level is the MOST effective?

A. Appointment of a Chief Information Security Officer (CISO).

B. Purchasing personal firewalls for all senior executives.

C. Adopting an organisation wide "clear desk" policy.

D. Developing a security awareness e-learning course.

Question 5

Which standard deals with the implementation of business continuity?

A. ISO/IEC 27001.

B. COBIT.

C. ISO 22301.

D. BS 5750.

Question 6

What does a penetration test do that a Vulnerability Scan does NOT?

A. A penetration test seeks to actively exploit any known or discovered vulnerabilities.

B. A penetration test looks for known vulnerabilities and reports them without further action.

C. A penetration test is always an automated process - a vulnerability scan never is.

D. A penetration test never uses common tools such as Nmap, Nessus and Metasploit.

Question 7

Which of the following is the MOST important reason for undertaking Continual Professional Development (CPD) within the Information Security sphere?

A. Professional qualification bodies demand CPD.

B. Information Security changes constantly and at speed.

C. IT certifications require CPD and Security needs to remain credible.

D. CPD is a prerequisite of any Chartered Institution qualification.

Question 8

When an organisation decides to operate on the public cloud, what does it lose?

A. The right to audit and monitor access to its information.

B. Control over Intellectual Property Rights relating to its applications.

C. Physical access to the servers hosting its information.

D. The ability to determine in which geographies the information is stored.

Question 9

Ensuring the correctness of data entered into a system is an example of which facet of information security?

A. Confidentiality.

B. Integrity.

C. Availability.

D. Authenticity.

Question 10

Which of the following controls would be the MOST relevant and effective in detecting zero-day attacks?

A. Strong OS patch management.

B. Vulnerability assessment.

C. Signature-based intrusion detection.

D. Anomaly-based intrusion detection.

Question 11

When considering the disposal of confidential data, equipment and storage devices, what social engineering technique SHOULD always be taken into consideration?

A. Spear Phishing.

B. Shoulder Surfing.

C. Dumpster Diving.

D. Tailgating.

Question 12

When undertaking disaster recovery planning, which of the following would NEVER be considered a "natural" disaster?

A. Arson.

B. Electromagnetic pulse.

C. Tsunami.

D. Lightning strike.

Question 13

Which algorithm is a current specification for the encryption of electronic data established by NIST?

A. RSA.

B. AES.

C. DES.

D. PGP.

Exam Code: CISMP-V9
Exam Name: BCS Foundation Certificate in Information Security Management Principles V9.0
Last Update: May 10, 2024
Questions: 100 Q&As