Zoning is a security control to separate physical areas with different security levels. Zones with higher
security levels can be secured by more controls. The facility manager of a conference center is
responsible for security.
What combination of business functions should be combined into one security zone?
C
Which security item is designed to take collections of data from multiple computers?
C
A security manager just finished the final copy of a risk assessment. This assessment contains a list of
identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
B
When should information security controls be considered?
A
A security architect argues with the internal fire prevention team about the statement in the
information security policy that doors to confidential areas should be locked at all times. The
emergency response team wants access to those areas in case of fire.
What is the best solution to this dilemma?
C
A risk manager is asked to perform a complete risk assessment for a company.
What is the best method to identify most of the threats to the company?
A
It is important that an organization is able to prove compliance with information standards and
legislation. One of the most important areas is documentation concerning access management. This
process contains a number of activities including granting rights, monitoring identity status, logging,
tracking access and removing rights. Part of these controls are audit trail records which may be used
as evidence for both internal and external audits.
What component of the audit trail is the most important for an external auditor?
A
What is the main reason to use a firewall to separate two parts of your internal network?
D
A company's webshop offers prospects and customers the possibility to search the catalog and place
orders around the clock. In order to satisfy the needs of both customer and business, several
requirements have to be met. One of the criteria is data classification.
What is the most important classification aspect of the unit price of an object in a 24h webshop?
C
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that
migrating to the cloud is more feasible in the future. The security architect is asked to make a first
draft of the security architecture.
Which elements should the security architect draft?
C
The information security architect of a large service provider advocates an open design of the
security architecture, as opposed to a secret design.
What is her main argument for this choice?
C
When is revision of an employee’s access rights mandatory?
D
An employee has worked on the organizational risk assessment. The goal of the assessment is not to
bring residual risks to zero, but to bring the residual risks in line with an organization's risk appetite.
When has the risk assessment program accomplished its primary goal?
C
In a company a personalized smart card is used for both physical and logical access control.
What is the main purpose of the person’s picture on the smart card?
A
What is a key item that must be kept in mind when designing an enterprise-wide information
security program?
B