(TCO 1) Why is it important to prepare written policies?
It lets the policies be communicated more easily.
This helps to ensure consistency.
A policy is part of the corporate culture.
It is required by law.
Flag this Question
Question 24 pts
(TCO 2) The goal of protecting confidentiality is to
prevent the unauthorized disclosure of sensitive information.
prevent the authorized disclosure of sensitive information.
prevent the unauthorized disclosure of public information.
prevent the authorized disclosure of public information.
Flag this Question
Question 34 pts
(TCO 1) The disciplinary process indicated in an information security policy enforcement clause usually includes which of the following most severe punishments?
Dismissal or criminal prosecution
Loss of one month’s pay
Demotion to a lower level
Transfer to another division in the company
Flag this Question
Question 44 pts
(TCO 2) Which of the following is the best example of an acceptable password?
T0yot@tRuck
May12345
FredD
HappyDeyz
Flag this Question
Question 54 pts
(TCO 1) Which is the best way to foster acceptance of a new policy?
Involve people in policy development by conducting interviews.
Give everyone a copy of the policy after it is written.
Ensure it is detailed enough that everyone will understand it.
Hold meetings to explain it.
Flag this Question
Question 64 pts
(TCO 2) What is a valid definition of data integrity?
Knowing that the data on the screen have not been tampered with
Data that are encrypted
Data that have not been accessed by unauthorized users
The knowledge that the data are transmitted in ciphertext only
Flag this Question
Question 74 pts
(TCO 1) Which is the preferred approach to organizing information security policies, procedures, standards, and guidelines?
Combine policies and procedures.
Keep the policy documents separate from the procedures, standards, and guidelines.
Combine standards and guidelines.
Keep them all separate.
Flag this Question
Question 84 pts
(TCO 2) Match the following ISO 17799:2000 domains to their definitions.
Security policy
[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security programOrganizational security
[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security programAsset classification and contro
[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security programPersonnel security
[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security programPhysical and environmental security
[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security programFlag this Question
Question 94 pts
(TCO 1) Which of the following best describes how policy exception requests should be handled?
Requestors should only be notified after their exception requests are approved.
Requestors should always receive a response to any request, whether approved or not.
Requestors should be notified why their exception requests were denied so they can do a better job the next time.
Requestors should be able to count on a 7-day turnaround on any policy exception request.
Flag this Question
Question 104 pts
(TCO 2) An employee accidentally makes changes to a company-owned file. This is known as a violation of
data confidentiality.
data integrity.
data availability.
data authorization.
Flag this Question
Question 114 pts
(TCO 1) Why is it important to remind people about best practice information security behaviors?
This approach is a mandatory requirement of information security policies.
Reminders are the least expensive way to ensure compliance with policies.
It ensures they are aware that management is watching them.
Reminders reinforce their knowledge and help them better understand expectations.
Flag this Question
Question 124 pts
(TCO 2) The ISO standard known as Managing Organizational Security includes several categories. Which of the following is NOT one of them?
Organizational Security Controls
Information Security Infrastructure
Identification of Risks from Third Parties
Security Requirements for Outsourcing
Flag this Question
Question 134 pts
(TCO 1) Who should issue the statement of authority?
The IT manager
All the information owners
All the employees
The CEO, president, or chairman of the board
Flag this Question
Question 144 pts
(TCO 2) Data availability is the assurance that
only authorized users will gain access to a resource.
all data stored on a hard drive are encrypted.
all sensitive data stored on a hard drive are encrypted.
data and systems are accessible anytime they are needed.
Flag this Question
Question 154 pts
(TCO 1) Which of the following is an important function of the statement of authority?
It provides a bridge between an organization’s core values and security strategies.
It indicates who to talk to if you want to request a change in the policy.
It describes the penalties for policy infractions.
It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.