Question: The management staff of an organization that does not have a dedicated security function decide to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager:
A.) report risks in other departments.
B.) obtain support from other departments.
C.) report significant security risks.
D.) have knowledge of security standards.

Download pdf (with explanations) edition of this exam.