Which of the following would be the MOST concerning?

Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights. Which of the following would be the MOST concerning?

A. Failure to notify police of an attempted intrusion
B. Lack of reporting of a successful denial of service attack on the network.
C. ...

October 20, 2019

Payment Card Industry (PCI) compliance requirements are based on what criteria?

A. The size of the organization processing credit card data
B. The types of cardholder data retained
C. The duration card holder data is retained
D. The number of transactions performed per year by an organization

Answer: D

October 20, 2019

Who in the organization determines access to information?

A. Compliance officer
B. Legal department
C. Data Owner
D. Information security officer

Answer: C

October 19, 2019

Which of the following is MOST important when dealing with an Information Security Steering committee?

A. Ensure that security policies and procedures have been vetted and approved.
B. Review all past audit and compliance reports.
C. Include a mix of members from different departments and staff levels.
D. Review all...

October 18, 2019

Why is it vitally important that senior management endorse a security policy?

A. So that employees will follow the policy directives.
B. So that they can be held legally accountable.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they will accept ownership for...

October 16, 2019

Regulatory requirements typically force organizations to implement ____________.

A. Financial controls
B. Mandatory controls
C. Discretionary controls
D. Optional controls

Answer: B

October 13, 2019

Risk is defined as:

A. Quantitative plus qualitative impact
B. Asset loss times likelihood of event
C. Advisory plus capability plus vulnerability
D. Threat times vulnerability divided by control

Answer: D

October 13, 2019

Which of the following is a MAJOR consideration when an organization retains sensitive customer data and uses this data to better target the organization’s products and services?

A. Strong authentication technologies
B. Financial reporting regulations
C. Credit card compliance and regulations
D. Local privacy laws

Answer: D

October 13, 2019

The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

A. Integrity and Availability
B. Assurance, Compliance and Availability
C. International Compliance
D. ...

October 12, 2019

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

A. Need to comply with breach disclosure laws
B. Fiduciary responsibility to safeguard credit information
C. ...

October 9, 2019