Tuesday 1 September 2015

CISSP Multiple Choice Questions And Answers

11. Risk Assessment includes all of the following EXCEPT:
 
  A. Implementation of effective countermeasures
  B. Ensuring that risk is managed
  C. Analysis of the current state of security in the target environment
  D. Strategic analysis of risk
Ans: A

12. A risk management project may overlook certain types of threats. What can help the risk management team prevent that?
 
  A. Automated tools
  B. Adoption of qualitative risk assessment processes
  C. Increased reliance on internal experts for risk assessment
  D. Recalculation of the work factor
Ans: A

13. Data classification can assist an organization in:
 
  A. Eliminating regulatory mandates
  B. Lowering accountability of data classifiers
  C. Reducing costs for protecting data
  D. Normalization of databases
Ans: C

14. Who “owns” an organization’s data?
 
  A. Information technology group
  B. Users
  C. Data custodians
  D. Business units
Ans: D

15. An information security policy does NOT usually include:
 
  A. Authority for information security department
  B. Guidelines for how to implement policy
  C. Basis for data classification
  D. Recognition of information as an asset of the organization
Ans: B

16. The role of an information custodian should NOT include:
 
  A. Restoration of lost or corrupted data
  B. Regular backups of data
  C. Establishing retention periods for data
  D. Ensuring the availability of data
Ans: C


17. A main objective of awareness training is:
 
  A. Provide understanding of responsibilities
  B. Entertaining the users through creative programs
  C. Overcoming all resistance to security procedures
  D. To be repetitive to ensure accountability
Ans: A

18. What is a primary target of a person employing social engineering?
 
  A. An individual
  B. A policy
  C. Government agencies
  D. An information system
Ans: A

19. Social engineering can take many forms EXCEPT:
 
  A. Dumpster diving
  B. Coercion or intimidation
  C. Sympathy
  D. Eavesdropping
Ans: D

20. Incident response planning can be instrumental in:
 
  A. Meeting regulatory requirements
  B. Creating customer loyalty
  C. Reducing the impact of an adverse event on the organization
  D. Ensuring management makes the correct decisions in a crisis
Ans: C
