Chapter 2 - Business Drivers for Information Security Policies



Answers
1. C
2. A
3. A
4. Preventive
5. C
6. B
7. D
8. A
9. D
10. D
11. A
12. B
13. B
14. D
15. D



What is policy compliance?
  1. The effort to follow an organization's policy
  2. When customers read a Web site policy statement
  3. Adherence to an organization's policy
  4. Failure to follow an organization's policy

What is an automated control?
  1. A control that stops behavior immediately and does not rely on human decisions
  2. A control that does not stop behavior immediately and relies on human decisions
  3. A control that does not stop behavior immediately but automates notification of incident
  4. A control that stops behavior immediately and relies on human decisions

Which of the following is not a business driver?
  1. Ability to acquire the newest technology
  2. Cost of maintaining controls
  3. Ability to legally defend
  4. Customer satisfaction

A firewall is generally considered an example of a ________ control.

What is an information security policy?
  1. A policy that defines acceptable behavior of a customer
  2. A policy that defines what hardware to purchase
  3. A policy that defines how to protect information in any form
  4. A policy that defines the type of uniforms guards should wear

Which of the following is not a type of security control?
  1. Preventative
  2. Correlative
  3. Detective
  4. Corrective

Tone at the top refers to:
  1. A company's leaders making sure every employee knows the priorities
  2. Senior leaders implementing and enforcing policies
  3. Senior managers building trust with the public and with regulators
  4. All of the above

Privacy regulations involve two important principles: full disclosure and data encryption.
  1. True
  2. False

What are the benefits to having a security awareness program emphasize the business risk?
  1. Risk becomes more relevant to employees
  2. Security policies are more likely to be followed
  3. Provides employees a foundation to deal with unexpected risk
  4. All of the above

Which of the following is not a guideline to be considered when developing policy to secure PII data?
  1. Align—Coordinate privacy policies with data classification policies
  2. Retain—Ensure proper controls around data retention and destruction
  3. Disclose—Fully disclose to the individual what data is being collected and how it will be used
  4. Resiliency—Policies provide guidelines for the unexpected

Information used to open or access a bank account is generally considered PII data.
  1. True
  2. False

Which of the following is not a benefit of having an acceptable use policy?
  1. Outlines disciplinary action for improper behavior
  2. Prevents employees from misusing the Internet
  3. Reduces business liability
  4. Defines proper behavior while using the Internet

Mitigating controls always meet the full intent of the policy.
  1. True
  2. False

Which of the following do you need to measure to achieve operational consistency?
  1. Consistency
  2. Quality
  3. Results
  4. All of the above

Well-defined and properly implemented security policies help the business in which of the following ways?
  1. Maximize profit
  2. Reduce risk
  3. Produce consistent and reliable products
  4. All of the above
