Selected Answer Companies need to maintain data or the purpose of keeping an

Selected answer companies need to maintain data or

This preview shows page 3 - 6 out of 15 pages.

Selected Answer: Companies need to maintain data or the purpose of keeping an audit trail. Correct Answer: Companies need to maintain data or the purpose of keeping an audit trail. Question 9 0 out of 2 points There are many different types of automated controls that are configured into devices for the purpose of enforcing a security policy. Which of the following is not an automated control? Selected Answer: network segmentation Correct Answer: log reviews Question 10 0 out of 2 points One of the different manual controls necessary for managing risk is ________________, which is a type of formal management verification. In the process, management confirms that a condition is present and that security controls and policies are in place. Selected Answer: background checks Correct Answer: attestation Question 11 2 out of 2 points The information security organization performs a significant role in the implementation of solutions that mitigate risk and control solutions. Because the security organization institutes the procedures and policies to be executed, they occupy role of ____________________. Selected Answer:
Image of page 3
subject matter expert (SME) Correct Answer: subject matter expert (SME) Question 12 0 out of 2 points ___________________ are responsible for the monitoring of activities the pre, middle, and post stages of goal implementation, whereas __________________are responsible for the monitoring of activities following the implementation and are called upon to evaluate whether or not the goals have been achieved. Selected Answer: Project committees, management committees Correct Answer: Management committees, government committees Question 13 2 out of 2 points The executive management has the responsibility of connecting many lines of business to bring resolution to strategy business issues. However, their ultimate responsibility is to ___________________________. Selected Answer: enforce policies at the executive and enterprise levels Correct Answer: enforce policies at the executive and enterprise levels Question 14 0 out of 2 points There are number of issues to consider when composing security policies. One such issue concerns the use of security devices. One such device is a ____________, which is a network security device with characteristics of a decoy that serves as a target that might tempt a hacker. Selected Answer: threat vector Correct Answer: honeypot Question 15
Image of page 4
0 out of 2 points A ______________________ is an apparatus for risk management that enables the organization to comprehend its risks and how those risks might impact the business. Selected Answer: risk mitigation assess self-assessment (RMASA) Correct Answer: risk and control self-assessment (RCSA) Question 16 0 out of 2 points If an organization is creating a customized data classification scheme, it is important to keep in mind the accepted guidelines. Which of the following is not one these guidelines? Selected Answer: Connect the classification to particular handling requirements.
Image of page 5
Image of page 6

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture