Question ID 16873 | What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
Option A | Risk assessment report
Option B | Technical evaluation report
Option C | Business case
Option D | Budgetary requirements
Correct Answer | C
Explanation: The information security manager needs to prioritize the controls based on risk management and the requirements of the organization. The information security manager must look at the costs of the various controls and compare them against the benefit the organization will receive from the security solution. The information security manager needs to have knowledge of the development of business cases to illustrate the costs and benefits of the various controls. All other choices are supplemental.
Question ID 16874 | The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
Option A | return on investment (ROI).
Option B | a vulnerability assessment.
Option C | annual loss expectancy (ALE).
Option D | a business case.
Correct Answer | D
Explanation: A business case shows both direct and indirect benefits, along with the investment required and the expected returns, thus making it useful to present to senior management. Return on investment (ROI) would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process improvement and learning. A vulnerability assessment is more technical in nature and would only identify and assess the vulnerabilities. This would also not provide insights on indirect benefits. Annual loss expectancy (ALE) would not weigh the advantages of implementing single sign-on (SSO) in comparison to the cost of implementation.