96%(400)383 out of 400 people found this document helpful
This preview shows page 3 - 6 out of 15 pages.
Selected Answer:Companies need to maintain data or the purpose of keeping an audit trail.Correct Answer:Companies need to maintain data or the purpose of keeping an audit trail.Question 90 out of 2 pointsThere are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is notan automated control?Selected Answer:network segmentationCorrect Answer:log reviewsQuestion 100 out of 2 pointsOne of the different manual controls necessary for managing risk is ________________, which is a type of formal management verification. In theprocess, management confirms that a condition is present and that security controls and policies are in place.Selected Answer:background checksCorrect Answer:attestationQuestion 112 out of 2 pointsThe information security organization performs a significant role in the implementation of solutions that mitigate risk and control solutions. Because the security organization institutes the procedures and policies tobe executed, they occupy role of ____________________.Selected Answer:
subject matter expert (SME)Correct Answer:subject matter expert (SME)Question 120 out of 2 points___________________ are responsible for the monitoring of activities the pre, middle, and post stages of goal implementation, whereas __________________are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved.Selected Answer:Project committees, management committeesCorrect Answer:Management committees, government committeesQuestion 132 out of 2 pointsThe executive management has the responsibility of connecting many lines of business to bring resolution to strategy business issues. However, their ultimate responsibility is to ___________________________.Selected Answer:enforce policies at the executive and enterprise levelsCorrect Answer:enforce policies at the executive and enterprise levelsQuestion 140 out of 2 pointsThere are number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ____________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker.Selected Answer:threat vectorCorrect Answer:honeypotQuestion 15
0 out of 2 pointsA ______________________ is an apparatus for risk management that enablesthe organization to comprehend its risks and how those risks might impactthe business.Selected Answer:risk mitigation assess self-assessment (RMASA)Correct Answer:risk and control self-assessment (RCSA)Question 160 out of 2 pointsIf an organization is creating a customized data classification scheme, it is important to keep in mind the accepted guidelines. Which of the following is notone these guidelines?Selected Answer:Connect the classification to particular handling requirements.