User: Ubeda Sawda
Course: 2018_SPR_IG_Operations Security_01_20_21_COMBINED
Test: Quiz #3
Started: 1/23/18 6:37 PM
Submitted: 1/23/18 8:31 PM
Due Date: 1/28/18 11:59 PM
Status: Completed
Attempt Score: 90.00000 out of 100.00000 points
Time Elapsed: 1 hour, 54 minutes
Results Displayed: All Answers, Submitted Answers, Correct Answers
Question 1
5.00000 out of 5.00000 points
In an issue-specific standard, the ___________________________ section defines a security issue and any relevant terms, distinctions, and conditions.
Selected Answer: statement of an issue
Answers:
definition of roles and responsibilities
statement of applicability
statement of the organization’s position
statement of an issue
Question 2
5.00000 out of 5.00000 points
In a(n) ____________________, there are policies, standards, baselines, procedures, guidelines, and taxonomy.
Selected Answer: IT policy framework
Answers:
asset management policy
IT policy framework
control standard
risk assessment policy
Question 3
5.00000 out of 5.00000 points
One example of granularity is a policy that requires an e-mail server to have a specific configuration in order to be considered secure and a server-based monitoring tool that can report the configuration and compliance to the appropriate personnel. In this scenario, the policy is appropriately fine-grained and automates enforcement.
Selected Answer: True
Answers:
True
False
Question 4
0.00000 out of 5.00000 points
If a security policy clearly distinguishes the responsibilities of computer
services providers from those of the managers of applications who use
the computer services, which of the following goals is served?
Selected Answer: confidentiality
Answers:
accountability
confidentiality
scope
compliance
Question 5
5.00000 out of 5.00000 points
It is important to create an IT security program structure that aligns
with program and organizational goals and describes the operating and
risk environment. Which of the following is one of the important issues
for the structure of the information security program?
Selected Answer: Management and coordination of security-related resources
Answers:
Human resources security
Management and coordination of security-related resources
Access control
Asset management
Question 6
5.00000 out of 5.00000 points
Which of the following statements best captures the role of information
security teams in ensuring compliance with laws and regulations?
Selected Answer: Information security personnel work with their organizations’ compliance and legal teams to determine violations of an organization’s security policy.
Answers:
Information security personnel must be trained lawyers, and as such they must work with their organizations’ compliance and legal teams to gain an understanding of legal requirements.
Information security personnel work with their organizations’ compliance and legal teams to determine whether an organization is violating a law.

