Q1. The aim of ____ is to maintain an optimum and secure relationship between each of the company's business processes and their respective information security functions.
    a. formal governance
    b. informal governance
    c. formal auditing
    d. formal planning
Q2. ____ bundles mutually supporting government initiatives into a single coordinated effort to ensure the security of cyberspace and includes the establishment of a coordinated national capability to identify and remediate computer vulnerabilities.
    a. CHCI, 2008
    b. CCNI, 2008
    c. CNCI, 2008
    d. CICN, 2008
Q3. In order for a defense to be effective, all of the requisite ____ have to be in place and properly coordinated.
    a. assets
    b. intrusions
    c. countermeasures
    d. backup controls
Q4. A(n) ____ that only reflects the focus and interests of a single field will almost certainly have exploitable holes in it.
    a. offense
    b. defense
    c. control
    d. mitigation
Q5. The ____ of a piece of information might be derived from the importance of the idea, or the criticality of the decision, or it can represent simple things like your bank account number.
    a. value
    b. cost
    c. effectiveness
    d. assessment
Q6. Meaningful evidence to support operational risk analysis and patch management processes is typically derived from the results of ____ testing.
    a. operation
    b. penetration
    c. application
    d. network
Q7. The ____ professional gathers evidence from any computers or digital media that might be implicated in the wrongdoing and supports any legal or regulatory action.
    a. security compliance
    b. risk management
    c. incident
    d. digital forensics
Q8. The formal assurance that evidence has passed from agency to agency without tampering is known as the ____.
    a. chain of review
    b. chain of care
    c. chain of custody
    d. chain of control
Q9. The ____ is typically responsible for establishing the physical security program, which involves the steps to align the practices of the physical security program with the overall security goals of the organization.
    a. IT security compliance professional
    b. IT operations professional
    c. digital forensics professional
    d. IT security professional
Q10. Incident management has both an electronic and a physical focus to it.
    a. True
    b. False
Q11. ____ are data that can be used to identify a single individual.
    a. Logical security controls
    b. Personally identifiable information
    c. Virtual security controls
    d. Permanent security controls
Q12. The ____ is responsible for ensuring that Personally Identifiable Information (PII) is protected.
    a. certification specialist
    b. risk specialist
    c. privacy specialist
    d. subject matter expert
Q13. The CIO is accountable for protecting data and information from harm caused by natural events, like earthquakes.
    a. True
    b. False
Q14. The ____ oversees the work of the other information security professionals and typically develops the policies for the information security function.
    a. security architect
    b. CIO
    c. ISO
    d. security engineer
Q15. The ____ ensures the enterprise's compliance with all relevant contracts, standards, laws or regulations.
    a. SCO
    b. ISO
    c. CIO
    d. SSO
Q16. ____ is the process of placing a coherent set of countermeasures to mitigate all identified risks based on asset vulnerability and identified threats.
    a. Threat management
    b. Risk management
    c. Profile management
    d. Project management
Q17. The specific organization-wide approach to security is known as the ____.
    a. security foundation
    b. security solution
    c. security strategy
    d. security policy
Q18. The SCO reports any emerging threats to the role responsible for developing security controls, typically the CIO.
    a. True
    b. False
Q19. The coordination and control process must maintain the traceability between each ____ and the purposes of the generic recommendation it implements.
    a. individual work instruction
    b. group work instruction
    c. individual task
    d. group task
Q20. The aim of any ____ process is to define the set of work instructions that have the greatest chance of accomplishing the purposes of the recommendation.
    a. design
    b. tailoring
    c. build
    d. manage
Q21. ____ give the implementation process the required flexibility.
    a. Tasks
    b. Roles
    c. Work instructions
    d. Work roles
Q22. In practice, there are likely to be instances where the situation just doesn't fit the recommendations of the EBK.
    a. True
    b. False
Q23. The roles and their associated competencies are broken down into functions. ____ functions are those that relate to the conceptualization and development of security-related functionality.
    a. Manage
    b. Implement
    c. Design
    d. Evaluate
Q24. All of the behaviors that the creators of the EBK deemed necessary to ensure fundamentally proper security were categorized into ____ competency areas.
    a. 10
    b. 12
    c. 14
    d. 16
Q25. The evaluation plan has to specify the provisions to assure the continuing ____ of the overall security process.
    a. compliance
    b. renewal
    c. trustworthiness
    d. revision