Topic 1: Governance (Policy, Legal & Compliance)
An organization's Information Security Policy is of MOST importance because
A.
it communicates management’s commitment to protecting information resources
B.
it is formally acknowledged by all employees and vendors
C.
it defines a process to meet compliance requirements
D.
it establishes a framework to protect confidential information
it communicates management’s commitment to protecting information resources
Which of the following should be determined while defining risk management strategies?
A.
Organizational objectives and risk tolerance
B.
Risk assessment criteria
C.
IT architecture complexity
D.
Enterprise disaster recovery plans
Organizational objectives and risk tolerance
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?
A.
Internal audit
B.
The data owner
C.
All executive staff
D.
Government regulators
The data owner
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
A.
Risk Avoidance
B.
Risk Acceptance
C.
Risk Transfer
D.
Risk Mitigation
Risk Mitigation
Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?
A.
Threat
B.
Vulnerability
C.
Attack vector
D.
Exploitation
Vulnerability
Which of the following most commonly falls within the scope of an information security governance steering committee?
A.
Approving access to critical financial systems
B.
Developing content for security awareness programs
C.
Interviewing candidates for information security specialist positions
D.
Vetting information security policies
Vetting information security policies
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
A.
Providing a risk program governance structure
B.
Ensuring developers include risk control comments in code
C.
Creating risk assessment templates based on specific threats
D.
Allowing for the acceptance of risk for regulatory compliance requirements
Providing a risk program governance structure
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
A.
Poses a strong technical background
B.
Understand all regulations affecting the organization
C.
Understand the business goals of the organization
D.
Poses a strong auditing background
Understand the business goals of the organization
Risk that remains after risk mitigation is known as
A.
Persistent risk
B.
Residual risk
C.
Accepted risk
D.
Non-tolerated risk
Residual risk
The success of the Chief Information Security Officer is MOST dependent upon:
A.
favorable audit findings
B.
following the recommendations of consultants and contractors
C.
development of relationships with organization executives
D.
raising awareness of security issues with end users
development of relationships with organization executives
Page 5 out of 45 Pages |
Previous |