1. An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?

• A. Report the noncompliance to the board of directors.
• B. Inform respective risk owners of the impact of exceptions
• C. Design mitigating controls for the exceptions.
• D. Prioritize the risk and implement treatment options.

2. An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?

• A. Communicate social media usage requirements and monitor compliance.
• B. Block workplace access to social media sites and monitor employee usage.
• C. Train employees how to set up privacy rules on social media sites.
• D. Scan social media sites for company-related information.

3. An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?

• A. Accessing information security event data
• B. Regular testing of incident response plan
• C. Obtaining physical hardware for forensic analysis
• D. Defining incidents and notification criteria