Topic 1: Governance (Policy, Legal & Compliance)
Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?
A.
Awareness
B.
Compliance
C.
Governance
D.
Management
Governance
Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:
A.
Risk management
B.
Security management
C.
Mitigation management
D.
Compliance management
Compliance management
A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?
A.
Audit validation
B.
Physical control testing
C.
Compliance management
D.
Security awareness training
Compliance management
When choosing a risk mitigation method what is the MOST important factor?
A.
Approval from the board of directors
B.
Cost of the mitigation is less than the risk
C.
Metrics of mitigation method success
D.
Mitigation method complies with PCI regulations
Cost of the mitigation is less than the risk
Which of the following is MOST likely to be discretionary?
A.
Policies
B.
Procedures
C.
Guidelines
D.
Standards
Guidelines
When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?
A.
Escalation
B.
Recovery
C.
Eradication
D.
Containment
Containment
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
A.
Data breach disclosure
B.
Consumer right disclosure
C.
Security incident disclosure
D.
Special circumstance disclosure
Data breach disclosure
From an information security perspective, information that no longer supports the main purpose of the business should be:
A.
assessed by a business impact analysis.
B.
protected under the information classification policy.
C.
analyzed under the data ownership policy.
D.
analyzed under the retention policy
analyzed under the retention policy
What is the BEST way to achieve on-going compliance monitoring in an organization?
A.
Only check compliance right before the auditors are scheduled to arrive onsite.
B.
Outsource compliance to a 3rd party vendor and let them manage the program.
C.
Have Compliance and Information Security partner to correct issues as they arise.
D.
Have Compliance direct Information Security to fix issues after the auditors report.
Have Compliance and Information Security partner to correct issues as they arise.
The single most important consideration to make when developing your security program, policies, and processes is:
A.
Budgeting for unforeseen data compromises
B.
Streamlining for efficiency
C.
Alignment with the business
D.
Establishing your authority as the Security Executive
Alignment with the business
Page 6 out of 45 Pages |
Previous |