Practice Questions

Question 1 of 30
What type of information is essential in order for management to make educated, intelligent decisions about safeguard implementation and security policy alterations?
An exhaustive list of all threats and risks, their rate of occurrence, and the extent of loss if they are realized is very useful for management in making decisions that are risk-free.

Question 2 of 30
Because risk is a situation involving exposure to danger, what kinds of responses are beneficial for avoiding risk?
These kinds of responses are favorable in terms of avoiding the risk.

Question 3 of 30
Is it better to accept residual risk rather than mitigate it?
Residual risk is the risk that management has chosen to accept rather than mitigate. In most cases, the presence of residual risk indicates that the cost/benefit analysis showed that the available safeguards were not cost-effective deterrents.

Question 4 of 30
The amount of risk an organization would face if no safeguards were implemented is what type of risk?
The goal of examining total risk is to make a decision that leads to the best possible outcome.

Question 5 of 30
How do technical or logical controls contribute to the functioning of security controls?
Technical or logical controls involve the hardware or software mechanisms used to manage access and to provide protection for resources and systems. As the name implies, they use technology. Examples of logical or technical controls include authentication methods, encryption, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems (IDSs), and clipping levels.

Question 6 of 30
In what area do administrative controls support the organization's policies?
These controls focus on personnel and business practices. Examples of administrative controls include policies, procedures, hiring practices, background checks, data classifications and labeling, security awareness and training efforts, vacation history, reports and reviews, work supervision, personnel controls, and testing.

Question 7 of 30
What does business continuity planning (BCP) involve so that it can minimize risk in the organization?
BCP is used to maintain the continuous operation of a business in the event of an emergency situation. The goal of BCP planners is to implement a combination of policies, procedures, and processes such that a potentially disruptive event has as little impact on the business as possible.

Question 8 of 30
As with any formalized business process, what does the development of a strong business continuity plan require?

Question 9 of 30
Under what circumstances can a security control's benefits be said to provide any security?
Security controls should provide benefits that can be monitored and measured. If a security control's benefits cannot be quantified, evaluated, or compared, then it does not actually provide any security. A security control may provide native or internal monitoring, or external monitoring might be required.

Question 10 of 30
If an asset has no value, is there a need to provide protection for it?
An important step in risk analysis is to appraise the value of an organization's assets. If an asset has no value, then there is no need to provide protection for it. A primary goal of risk analysis is to ensure that only cost-effective safeguards are deployed.

Question 11 of 30
Which of the following includes some of the tangible and intangible issues that contribute to the valuation of assets?
Assigning or determining the value of assets to an organization can fulfill numerous requirements. It serves as the foundation for performing a cost/benefit analysis of asset protection through safeguard deployment.

Question 12 of 30
What does a risk report contain in order to support decision making, and how often is it updated?
A risk report should be accurate, timely, comprehensive of the entire organization, clear and precise to support decision making, and updated on a regular basis.

Question 13 of 30
What relevant items do we need to have in order to develop and manage security education, training, and awareness?

Question 14 of 30
What must an organization implement in order to manage the security function?
To manage the security function, an organization must implement proper and sufficient security governance. The act of performing a risk assessment to drive the security policy is the clearest and most direct example of management of the security function.

Question 15 of 30
What do security metrics measure, such that the operation of a security feature should show a reduction in unwanted occurrences or an increase in the detection of attempts?
Similar to performance metrics, security metrics are measurements of performance, function, operation, action, and so on as related to the operation of a security feature. When a countermeasure or safeguard is implemented, security metrics should show a reduction in unwanted occurrences or an increase in the detection of attempts. Otherwise, the security mechanism is not providing the expected benefit. The act of measuring and evaluating security metrics is the practice of assessing the completeness and effectiveness of the security program.

Question 16 of 30
When planning a security solution, what fact is it important to consider?
When planning a security solution, it's important to consider the fact that humans are often the weakest element in organizational security. Regardless of the physical or logical controls deployed, humans can discover ways to avoid them, circumvent or subvert them, or disable them. Thus, it is important to take users into account when designing and deploying security solutions for your environment.

Question 17 of 30
What does maintaining security through job descriptions include?
Job descriptions are used as a guide for selecting candidates and properly evaluating them for a position. Maintaining security through job descriptions includes the use of separation of duties, job responsibilities, and job rotation.

Question 18 of 30
What should the termination procedure include with respect to company property and the premises?
A termination policy is needed to protect an organization and its existing employees. The termination procedure should include witnesses, return of company property, disabling network access, an exit interview, and an escort from the property.

Question 19 of 30
What does business continuity planning (BCP) involve?
Business continuity planning (BCP) involves assessing the risks to organizational processes and creating policies, plans, and procedures to minimize the impact those risks might have on the organization, if they were to occur.

Question 20 of 30
Which of the following risks are natural risks?
Risks come in two forms: natural risks and man-made risks. The following list includes some events that pose natural threats.

Question 21 of 30
The annualized loss expectancy (ALE) is the loss expected to occur as a result of what?
The annualized loss expectancy (ALE) is the monetary loss that the business expects to occur as a result of the risk harming the asset over the course of a year. You already have all the data necessary to perform this calculation. The SLE is the amount of damage you expect each time a disaster strikes, and the ARO (from the likelihood analysis) is the number of times you expect a disaster to occur each year.

Question 22 of 30
What should every organization dependent on technological resources for its survival have?
Every organization dependent on technological resources for its survival should have a comprehensive business continuity plan in place to ensure the sustained viability of the organization when unforeseen emergencies take place. There are a number of important concepts that underlie solid business continuity planning practices, including project scope and planning, business impact assessment, continuity planning, and approval and implementation.

Question 23 of 30
What kinds of prohibitions does criminal law contain?
Criminal law forms the bedrock of the body of laws that preserve the peace and keep our society safe. Many high-profile court cases involve matters of criminal law; these are the laws that the police and other law enforcement agencies concern themselves with. Criminal law contains prohibitions against acts such as murder, assault, robbery, and arson. Penalties for violating criminal statutes fall in a range that includes mandatory hours of community service, monetary penalties in the form of fines (small and large), and deprivation of civil liberties in the form of prison sentences.

Question 24 of 30
What are civil laws designed for, and do they require an impartial arbiter?
Civil laws form the bulk of our body of laws. They are designed to provide for an orderly society and govern matters that are not crimes but that require an impartial arbiter to settle between individuals and organizations. Examples of the types of matters that may be judged under civil law include contract disputes, real estate transactions, employment matters, and estate/probate procedures. Civil laws also are used to create the framework of government that the executive branch uses to carry out its responsibilities.

Question 25 of 30
What is the protection of the intellectual property rights of inventors called?
Patents protect the intellectual property rights of inventors. They provide a period of 20 years during which the inventor is granted exclusive rights to use the invention (whether directly or via licensing agreements). At the end of the patent exclusivity period, the invention is in the public domain, available for anyone to use.

Question 26 of 30
What are the three major categories of law that impact information security professionals?
There are three major categories of law that impact information security professionals. Criminal law outlines the rules and sanctions for major violations of the public trust. Civil law provides us with a framework for conducting business. Government agencies use administrative law to promulgate the day-to-day regulations that interpret existing law, such as the HIPAA Security Rule, which affects specific industries and data types.

Question 27 of 30
What kind of data is information that isn't public or unclassified?
Sensitive data is any information that isn't public or unclassified. It can include confidential, proprietary, protected, or any other type of data that an organization needs to protect due to its value to the organization, or to comply with existing laws and regulations.

Question 28 of 30
What kind of information is personally identifiable information (PII)?
Personally identifiable information (PII) is any information that can identify an individual. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-122 provides a more formal definition:
Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.

Question 29 of 30
What kind of information does protected health information (PHI) represent?
Protected health information (PHI) is any health-related information that can be related to a specific person. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) mandates the protection of PHI. HIPAA provides a more formal definition of PHI:
Health information means any information, whether oral or recorded in any form or medium, that—
(A) is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
(B) relates to the past, present, or future physical or mental health or condition of any individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

Question 30 of 30
What do we call the process of removing all relevant data so that it is impossible to identify the original subject or person?
Anonymization is the process of removing all relevant data so that it is impossible to identify the original subject or person. If done effectively, the GDPR is no longer relevant for the anonymized data. However, it can be difficult to truly anonymize the data. Data inference techniques may be able to identify individuals, even if personal data is removed.