MultipleChoice
Zoning is a security control to separate physical areas with different security levels. Zones with higher security levels can be secured by more controls. The facility manager of a conference center is responsible for security.
What combination of business functions should be combined into one security zone?
OptionsMultipleChoice
A security architect argues with the internal fire prevention team about the statement in the information security policy, that doors to confidential areas should be locked at all times. The emergency response team wants
to access to those areas in case of fire.
What is the best solution to this dilemma?
OptionsMultipleChoice
It is important that an organization is able to prove compliance with information standards and legislation. One of the most important areas is documentation concerning access management. This process contains a
number of activities including granting rights, monitoring identity status, logging, tracking access and removing rights. Part of these controls are audit trail records which may be used as evidence for both internal and
external audits.
What component of the audit trail is the most important for an external auditor?
OptionsMultipleChoice
A security manager just finished the final copy of a risk assessment. This assessment contains a list of identified risks and she has to determine how to treat these risks.
What is the best option for the treatment of risks?
OptionsMultipleChoice
A protocol to investigate fraud by employees is being designed.
Which measure can be part of this protocol?
OptionsMultipleChoice
In a company the IT strategy is migrating towards a Service Oriented Architecture (SOA) so that migrating to the cloud is better feasible in the future. The security architect is asked to make a first draft of the security
architecture.
Which elements should the security architect draft?
OptionsMultipleChoice
The information security manager is writing the Information Security Management System (ISMS) documentation. The controls that are to be implemented must be described in one of the phases of the Plan-Do-
Check-Act (PDCA) cycle of the ISMS.
In which phase should these controls be described?
Options