CHAPTER 2: THE ELEMENTS OF A POLICY

1. What are the two schools of thought regarding policy format?

A. A separate document for each policy, or one large document with multiple sections

B. Use Microsoft Word, or Adobe Acrobat

C. The ISO approach, or the OSI approach

D. One large document with multiple sections or one large document

2. Where should the penalty for violating a policy be listed?

A. In the first chapter of the Employee Handbook

B. In the policy enforcement clause within the policy

C. In the policy violation penalties document

D. In the policy enforcement document

3. Which of the following are all federal regulations?

A. Sarbanes-Oxley, IEEE 802.11, NIST 800-34

B. GLBA, HIPAA, and Sarbanes-Oxley

C. GLBA, HIPAA, and IEEE 802.11

D. GLBA, NIST 800-34, and Sarbanes-Oxley

4. Which of the following is NOT a way in which the number of policy exceptions reflects on the quality of a policy?

A. Too many exceptions to a valid rule in a policy may mean that there is a loophole in the policy.

B. Too many exceptions to a rule in a policy may mean that the rule is inappropriate.

C. Too many exceptions to a rule in a policy may mean that employees perceive the rule as unimportant.

D. Too many exceptions to a valid rule may cause employees to feel that favoritism is being extended to some, but not all, employees.

5. In what way is a speed limit like a standard?

A. They are not alike at all

B. A standard, like a speed limit, is always expressed in numeric form

C. A speed limit, like a standard, is very definite, and required

D. Both are suggested levels of performance

6. Which of the following is the best example of an acceptable password?

A. T0yot@tRuck

B. May12345

C. FredD

D. HappyDeyz

7. Which of the following is an outline of a complete policy?

A. Purpose, Objectives, Policy, Exceptions, and Disciplinary Actions

B. Objectives, Purpose, Policy, Exceptions, and Disciplinary Actions

C. Objectives, Purpose, Audience, Policy, Exceptions, and Procedures

D. Objectives, Purpose, Audience, Policy, Exceptions, and Disciplinary Actions

8. Which of the following is a good rule of thumb for including definitions in a policy?

A. Always include a definitions section at the end of a policy

B. Include definitions for any instance of non-standard language

C. Provide the definition of any non-standard word in parentheses after the word’s first appearance

D. Cite sources of information about non-standard terms in the policy’s bibliography

9. Which of the following is the best definition of a policy audience?

A. All employees granted unescorted access to the company’s computer room

B. All headquarters employees

C. Any employee in the computer room

D. Only those employees in the computer room

10. Which of the following should you strive for in the policy statement, in order to have a well-written policy?

A. Contain areas that address every aspect of operations and information, and every area affecting the organization’s information assets

B. Spell check the document to avoid typographical errors

C. Include applicable standards, guidelines, and procedures within the policy document

D. Describe everything in layman’s terms, so that it is clear the policy is a statement of everyone’s intent