QUESTION 1

1. Security controls are measures taken to protect systems from attacks on the integrity, confidentiality, and availability of the system. If a potential employee is required to undergo a drug screening, which of the following controls is being conducted?

preventive security controls
technical security controls
physical security controls
administrative controls

10 points

QUESTION 2

1. It is important that security policies establish a concrete distinction between work life and home life. Such a distinction requires that employees understand that they have no expectation of _______________.

10 points

QUESTION 3

1. The operational risk committee has the ability to determine which business activities are riskier than others. For example, if a business wants to sell product on the Internet for the first time, then the risk committee would need to understand the wide-ranging risks involved as well as the organization’s security capability.

10 points

QUESTION 4

1. COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.

10 points

QUESTION 5

1. The ________________ domain ensures risks are diminished and remediated in the most cost-effective manner. To prevent risk from increasing in severity and scope, this domain coordinates risk responses, ensuring that the right people are engaged when appropriate.

risk response
risk governance
risk evaluation
risk acceptance

10 points

QUESTION 6

1. Consider this scenario: A major software company finds that code has been executed on an infected machine in its operating system. As a result, the company begins working to manage the risk and eliminates the vulnerability 12 days later. Which of the following statements best describes the company’s approach?

10 points

QUESTION 7

1. After management has created and agreed upon its policies, it must then determine how these policies will be implemented. Which of the following is not one of the processes that line management will follow in order to make the new policies operational?