ComputerScienceExpert

Posted 11 May 2017

set forth its information security plans

Question 1

  1. A board of directors uses _____________ to set forth its information security plans.
    policies
    financial statements
    standards
    goals

4 points   

 

Question 2

  1. A formal ______________ is executive management’s high-level statement of information security direction and goals.
    standard
    policy
    guidelines
    procedures

4 points   

 

Question 3

  1. A risk assessment ____________________.
    should be as broad as possible in scope
    should be narrowly scoped
    does not need to address conflicts of interest when selecting team members
    needs only the approval of information security managers and subject matter experts

4 points   

 

Question 4

  1. According to the NIST, the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level is ___________.
    incident response management
    security response management
    breach response management
    risk management

4 points   

 

Question 5

  1. An organization responds to risk according to its:
    monitoring plan
    operation plan
    business strategy
    tactical plan

4 points   

 

Question 6

  1. An organization's senior IT official is generally referred to as its:

    A. Chief Information Officer
    B. Chief Technology Officer
    C. Chief Information Security Officer
    D. Information Security Manager
    E. Chief Financial Officer

4 points   

 

Question 7

  1. Any organization’s risk management plan includes:
    risk assessment, risk response, training employees, and continuous monitoring
    risk assessment, ISO compliance, tactical planning, and continuous monitoring
    risk assessment, risk response, ISO compliance, FISMA compliance
    risk assessment, risk response, tactical planning, FISMA compliance

4 points   

 

Question 8

  1. Parties who are responsible in an organization for functional management of the organization's information security program. This person manages the operational activities and implements controls specified by higher-level management.

    A. Board of Directors
    B. Chief Information Officer
    C. Chief Technology Officer
    D. Chief Information Security Officer
    E. Information Security Manager

4 points   

 

Question 9

  1. One of the main goals of _______________ is to protect an organization’s bottom line.
    tactical planning
    risk management
    an incident response plan
    IT management

4 points   

 

Question 10

  1. Of the following information security assurance documents, which is the most flexible?
    policy
    standard
    guideline
    procedure

4 points   

 

Question 11

  1. Most flexible type of Information Security Governance Document.

    A. Guidelines
    B. Procedures
    C. Standards
    D. Policies
    E. None of the above

4 points   

 

Question 12

  1. Members of the risk assessment team should include:
    information security managers only
    information security managers and financial planners
    representatives from business, IT, human resources, executive management, and information security managers
    information security managers, financial planners, and representatives from business lines

4 points   

 

Question 13

  1. Group responsible for information security governance.

    A. Information Security Management
    B. Executive Management
    C. Chief Information Security Officer
    D. Chief Information Officer
    E. None of the above

4 points   

 

Question 14

  1. Following a disaster, what is the best kind of site if you need to resume operations in the shortest possible time?
    hot
    cold
    warm
    nearby

4 points   

 

Question 15

  1. Executive Management's high-level statement of information security directions and goals.

    A. Guidelines
    B. Procedures
    C. Standards
    D. Policies
    E. All of the above

4 points   

 

Question 16

  1. Data destruction policies do not include which of the following?
    identification of data ready for destruction
    proper destruction methods for different kinds of data or storage media
    consequences for improper destruction
    how long the data should be retained

4 points   

 

Question 17

  1. Data __________________ policies state how data is controlled throughout its life cycle.
    retention
    privacy
    detention
    use

4 points   

 

Question 18

  1. When testing a disaster recovery plan, which test involves hypothetical role-playing of a disaster?
    full interruption
    walk-through
    scenario
    parallel

4 points   

 

Question 19

  1. What type of standard states a minimum level of behavior or actions that must be met to comply with a policy?
    baseline
    minimal
    safeguard
    procedural

4 points   

 

Question 20

  1. What type of risk assessment uses monetary values to assess a risk?
    ongoing
    quantitative
    probability-based
    qualitative

4 points   

 

Question 21

  1. What type of risk assessment uses descriptive categories to express asset criticality, risk exposure (likelihood), and risk impact?
    ongoing
    quantitative
    probability-based
    qualitative

4 points   

 

Question 22

  1. What kind of policy would contain a No Retaliation element?
    acceptable use
    anti-harassment
    intellectual property
    authentication

4 points   

 

Question 23

  1. What is the primary function of an organization's Information security goals?

    A. To support the business objectives
    B. To ensure information is not shared
    C. To support industry guidelines
    D. To support mid-level decision making
    E. None of the above

4 points   

 

Question 24

  1. What do you compare in a risk-level matrix when evaluating the elements of a risk?
    threat and available controls
    threat likelihood and impact
    impact and severity
    cost and impact

4 points   

 

Question 25

  1. Types or categories of business planning:

    A. Information Planning
    B. Strategic Planning
    C. Strategic Planning and Tactical Planning
    D. Strategic Planning, Tactical Planning and Operational Planning
    E. Information Planning, Strategic Planning and Operational Planning
