Question 1

  1. A board of directors uses _____________ to set forth its information security plans.
    policies
    financial statements
    standards
    goals

4 points   


Question 2
  1. A formal ______________ is executive management's high-level statement of information security direction and goals.
    standard
    policy
    guidelines
    procedures

4 points   


Question 3
  1. A risk assessment ____________________.
    should be as broad as possible in scope
    should be narrowly scoped
    does not need to address conflicts of interest when selecting team members
    needs only the approval of information security managers and subject matter experts

4 points   


Question 4
  1. According to the NIST, the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level is ___________.
    incident response management
    security response management
    breach response management
    risk management

4 points   


Question 5
  1. An organization responds to risk according to its:
    monitoring plan
    operation plan
    business strategy
    tactical plan

4 points   


Question 6
  1. An organization's senior IT official is generally referred to as its:

    A. Chief Information Officer
    B. Chief Technology Officer
    C. Chief Information Security Officer
    D. Information Security Manager
    E. Chief Financial Officer

4 points   


Question 7
  1. Any organization's risk management plan includes:
    risk assessment, risk response, training employees, and continuous monitoring
    risk assessment, ISO compliance, tactical planning, and continuous monitoring
    risk assessment, risk response, ISO compliance, FISMA compliance
    risk assessment, risk response, tactical planning, FISMA compliance

4 points   


Question 8
  1. The party responsible in an organization for functional management of the organization's information security program. This person manages the operational activities and implements controls specified by higher-level management.

    A. Board of Directors
    B. Chief Information Officer
    C. Chief Technology Officer
    D. Chief Information Security Officer
    E. Information Security Manager

4 points   


Question 9
  1. One of the main goals of _______________ is to protect an organization's bottom line.
    tactical planning
    risk management
    an incident response plan
    IT management

4 points   


Question 10
  1. Of the following information security assurance documents, which is the most flexible?
    policy
    standard
    guideline
    procedure

4 points   


Question 11
  1. Most flexible type of Information Security Governance Document.

    A. Guidelines
    B. Procedures
    C. Standards
    D. Policies
    E. None of the above

4 points   


Question 12
  1. Members of the risk assessment team should include:
    information security managers only
    information security managers and financial planners
    representatives from business, IT, human resources, executive management, and information security managers
    information security managers, financial planners, and representatives from business lines

4 points   


Question 13
  1. Group responsible for information security governance.

    A. Information Security Management
    B. Executive Management
    C. Chief Information Security Officer
    D. Chief Information Officer
    E. None of the above

4 points   


Question 14
  1. Following a disaster, what is the best kind of site if you need to resume operations in the shortest possible time?
    hot
    cold
    warm
    nearby

4 points   


Question 15
  1. Executive Management's high-level statement of information security directions and goals.

    A. Guidelines
    B. Procedures
    C. Standards
    D. Policies
    E. All of the above

4 points   


Question 16
  1. Data destruction policies do not include which of the following?
    identification of data ready for destruction
    proper destruction methods for different kinds of data or storage media
    consequences for improper destruction
    how long the data should be retained

4 points   


Question 17
  1. Data __________________ policies state how data is controlled throughout its life cycle.
    retention
    privacy
    detention
    use

4 points   


Question 18
  1. When testing a disaster recovery plan, which test involves hypothetical role-playing of a disaster?
    full interruption
    walk-through
    scenario
    parallel

4 points   


Question 19
  1. What type of standard states a minimum level of behavior or actions that must be met to comply with a policy?
    baseline
    minimal
    safeguard
    procedural

4 points   


Question 20
  1. What type of risk assessment uses monetary values to assess a risk?
    ongoing
    quantitative
    probability-based
    qualitative

4 points   


Question 21
  1. What type of risk assessment uses descriptive categories to express asset criticality, risk exposure (likelihood), and risk impact?
    ongoing
    quantitative
    probability-based
    qualitative

4 points   


Question 22
  1. What kind of policy would contain a No Retaliation element?
    acceptable use
    anti-harassment
    intellectual property
    authentication

4 points   


Question 23
  1. What is the primary function of an organization's information security goals?

    A. To support the business objectives
    B. To ensure information is not shared
    C. To support industry guidelines
    D. To support mid-level decision making
    E. None of the above

4 points   


Question 24
  1. What do you compare in a risk-level matrix when evaluating the elements of a risk?
    threat and available controls
    threat likelihood and impact
    impact and severity
    cost and impact

4 points   


Question 25
  1. Types or categories of business planning:

    A. Information Planning
    B. Strategic Planning
    C. Strategic Planning and Tactical Planning
    D. Strategic Planning, Tactical Planning and Operational Planning
    E. Information Planning, Strategic Planning and Operational Planning

