Which security principle is violated?
A hacker gains access to a web server and reads the credit card numbers stored on that server. Which security principle is violated?A . AvailabilityB . ConfidentialityC . IntegrityD . AuthenticityView AnswerAnswer: B Explanation: Confidentiality is one of the security principles that states that only authorized parties should have access...
What is a qualitative risk analysis?
A couple of years ago you started your company which has now grown from 1 to 20 employees. Your company’s information is worth more and more and gone are the days when you could keep control yourself. You are aware that you have to take measures, but what should they...
Changes on project-managed applications or database should undergo the change control process as documented.
Changes on project-managed applications or database should undergo the change control process as documented.A . TrueB . FalseView AnswerAnswer: A Explanation: Changes on project-managed applications or database should undergo the change control process as documented, because this is a requirement of ISO/IEC 27001:2022 clause 12.1.2, which states that “the organization...
Which of the following does a lack of adequate security controls represent?
Which of the following does a lack of adequate security controls represent?A . AssetB . VulnerabilityC . ImpactD . ThreatView AnswerAnswer: B Explanation: A lack of adequate security controls represents a vulnerability, which is a weakness or flaw in an asset or its protection that can be exploited by a...
What is a reason for the classification of information?
What is a reason for the classification of information? A. To provide clear identification tags B. To structure the information according to its sensitivity C. Creating a manual describing the BYOD policyView AnswerAnswer: B Explanation: The reason for the classification of information is to structure the information according to its...
An employee caught with offense of abusing the internet, such as P2P file sharing or video/audio streaming, will not receive a warning for committing such act but will directly receive an IR.
An employee caught with offense of abusing the internet, such as P2P file sharing or video/audio streaming, will not receive a warning for committing such act but will directly receive an IR. A. True B. FalseView AnswerAnswer: A Explanation: According to ISO/IEC 27001:2022, clause A.8.1.5, the organization should establish and...
Which factor is [b]not[/b] important for determining the value of data for an organization?
In order to take out a fire insurance policy, an administration office must determine the value of the data that it manages. Which factor is [b]not[/b] important for determining the value of data for an organization? A. The content of data. B. The degree to which missing, incomplete or incorrect...
What is the relationship between data and information?
What is the relationship between data and information?A . Data is structured information.B . Information is the meaning and value assigned to a collection of data.View AnswerAnswer: B Explanation: The relationship between data and information is that information is the meaning and value assigned to a collection of data. Data...
After a fire has occurred, what repressive measure can be taken?
After a fire has occurred, what repressive measure can be taken?A . Extinguishing the fire after the fire alarm soundsB . Buying in a proper fire insurance policyC . Repairing all systems after the fireView AnswerAnswer: A Explanation: A repressive security measure is a measure that aims to stop or...
What should you do?
There is a scheduled fire drill in your facility. What should you do?A . Participate in the drillB . Excuse yourself by saying you have an urgent deliverableC . Call in sickD . None of the aboveView AnswerAnswer: A Explanation: You should participate in the drill, because this is part...