1. Which of the following is the FIRST phase in which security should be addressed in the development cycle of a project?

A) Design
B) Implementation
C) Application security testing
D) Feasibility



2. Which of the following is the MOST important consideration when deciding whether to continue outsourcing to a managed security service provider?

A) The business need for the function
B) The cost of the services
C) The vendor's reputation in the industry
D) The ability to meet deliverables



3. Which of the following BEST ensures timely and reliable access to services?

A) Authenticity
B) Recovery time objective
C) Availability
D) Nonrepudiation



4. Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

A) Internal audit signs off on security prior to implementation
B) Information security staff perform compliance reviews before production begins
C) Information security staff take responsibility for the design of system security
D) Business requirements must include security objectives



5. An information security manager learns that a departmental system is out of compliance with the information security policy's password strength requirements.Which of the following should be the information security manager's FIRST course of action?

A) Submit the issue to the steering committee for escalation
B) Conduct an impact analysis to quantify the associated risk
C) Isolate the non-compliant system from the rest of the network
D) Request risk acceptance from senior management