Regulatory requirements typically force organizations to implement
A. Mandatory controls
B. Discretionary controls
C. Optional controls
D. Financial controls
Answer: A
Which of the following represents the HIGHEST negative impact resulting from an ineffective security governance program?
A. Reduction of budget
B. Decreased security awareness
C. Improper use of information resources
D. Fines for regulatory non-compliance
Answer: D
Which of the following is used to establish and maintain a framework to provide assurance that information security strategies are aligned with organizational objectives?
A. Awareness
B. Compliance
C. Governance
D. Management
Answer: C
Which of the following has the GREATEST impact on the implementation of an information security governance model?
A. Organizational budget
B. Distance between physical locations
C. Number of employees
D. Complexity of organizational structure
Answer: D
An organization's Information Security Policy is of MOST importance because
A. it communicates management’s commitment to protecting information resources
B. it is formally acknowledged by all employees and vendors
C. it defines a process to meet compliance requirements
D. it establishes a framework to protect confidential information
Answer: A
One of the MAIN goals of a Business Continuity Plan is to
A. Ensure all infrastructure and applications are available in the event of a disaster
B. Allow all technical first-responders to understand their roles in the event of a disaster
C. Provide step by step plans to recover business...
What role should the CISO play in properly scoping a PCI environment?
A. Validate the business units’ suggestions as to what should be included in the scoping process
B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
C. Ensure internal scope validation is...
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely...
Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?
A. Audit and Legal
B. Budget and Compliance
C. Human Resources and Budget
D. Legal and Human Resources
Answer: A
What is the definition of Risk in Information Security?
A. Risk = Probability x Impact
B. Risk = Threat x Probability
C. Risk = Financial Impact x Probability
D. Risk = Impact x Threat
Answer: A