Revision Questions
- What is the primary objective of a risk management program?
  - To protect the IT assets
  - To implement preventive controls
  - To achieve the stated objectives
  - To ensure the availability of IT systems
- Which of the following vulnerabilities will allow attackers to access data through a web application?
  - Validation checks are missing in data input fields
  - The password history rule is not implemented
  - Application logs are not monitored at frequent intervals
  - Two-factor authentication is not implemented
- The best way to understand the evolving nature of attacks is:
  - To place a honeypot
  - A rogue access point
  - Industry tracking groups
  - Penetration test
- A previously accepted risk:
  - Should be reassessed on a periodic basis as risks change over time
  - Does not need to be assessed again in the future
  - Should be removed from the risk register
  - Should be mitigated in the next assessment
- A security manager notes an incident though none of the controls have failed. What is the most likely cause...