What is the relationship between information protection and regulatory compliance?
A. That all information in an organization must be protected equally.
B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
C. That the protection of some information...
Who is responsible for securing networks during a security incident?
A. Chief Information Security Officer (CISO)
B. Security Operations Center (SOC)
C. Disaster Recovery (DR) manager
D. Incident Response Team (IRT)
Answer: D
From an information security perspective, information that no longer supports the main purpose of the business should be:
A. assessed by a business impact analysis.
B. protected under the information classification policy.
C. analyzed under the data ownership policy.
D. analyzed under the retention policy
Answer: D
When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure the impact of the scan is minimized?
A. The asset owner
B. The asset manager
C. The data custodian
D. The project manager
Answer: A
The alerting, monitoring and life-cycle management of security-related events is typically handled by the:
A. security threat and vulnerability management process
B. risk assessment process
C. risk management process
D. governance, risk, and compliance tools
Answer: A
Information security policies should be reviewed:
A. by stakeholders at least annually
B. by the CISO when new systems are brought online
C. by the Incident Response team after an audit
D. by internal audit semiannually
Answer: A
Credit card information, medical data, and government records are all examples of:
A. Confidential/Protected Information
B. Bodily Information
C. Territorial Information
D. Communications Information
Answer: A
The Information Security Governance program MUST:
A. integrate with other organizational governance processes
B. support user choice for Bring Your Own Device (BYOD)
C. integrate with other organizational governance processes
D. show a return on investment for the organization
Answer: A
A Security Operations Centre (SOC) manager is informed that a database containing highly sensitive corporate strategy information is under attack. Information has been stolen and the database server was disconnected. Who must be informed of this incident?
A. Internal audit
B. The data owner
C. All executive staff
D. Government...
Who in the organization determines access to information?
A. Legal department
B. Compliance officer
C. Data Owner
D. Information security officer
Answer: C