DeVry SEC440 Week 2 Quiz

Question 1. (TCO 1) Why is it important to prepare written policies? (Points: 4)
It lets the policies be communicated more easily.
This helps to ensure consistency.
A policy is part of the corporate culture.
It is required by law.

Question 2. (TCO 2) Which of the following is NOT a threat to data confidentiality? (Points: 4)
Hackers
Encryption
Improper access controls
Social engineering

Question 3. (TCO 1) Which of the following is MOST likely to reflect the policy audience for a corporate ethics policy at Acme Manufacturing? (Points: 4)
All Acme Manufacturing employees and all vendors and service providers
All full- and part-time employees of Acme Manufacturing and its subsidiaries
The Acme Manufacturing board of directors
The finance, human resources, and marketing departments of Acme Manufacturing

Question 4. (TCO 2) Which of the following are all federal regulations? (Points: 4)
Sarbanes-Oxley, IEEE 802.11, and NIST 800-34
GLBA, HIPAA, and Sarbanes-Oxley
GLBA, HIPAA, and IEEE 802.11
GLBA, NIST 800-34, and Sarbanes-Oxley

Question 5. (TCO 1) When should information security policies, procedures, standards, and guidelines be revisited? (Points: 4)
As indicated in the policy
Never; once they are written and published, they must be adhered to
Annually
When dictated by change drivers

Question 6. (TCO 2) What is a valid definition of data integrity? (Points: 4)
Knowing that the data on the screen have not been tampered with
Data that are encrypted
Data that have not been accessed by unauthorized users
The knowledge that the data are transmitted in ciphertext only

Question 7. (TCO 1) What should be the consequences of information security policy violations? (Points: 4)
Always up to, and including, termination
Immediate revocation of all user privileges
Commensurate with the criticality of information the policy was written to protect
Violations cited in the person’s annual performance review

Question 8. (TCO 2) Match the following terms to their meanings. (Points: 4)

Potential Matches:
1: List of actions that employees are not allowed to perform while using company-provided equipment
2: Any event that impacts culture, procedures, and activities within an organization
3: Introduction to the policy document
4: Policy about a policy

Answer
:Change driver
:Acceptable use agreement
:Statement of authority
:Security policy document policy

Question 9. (TCO 1) Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions? (Points: 4)
Any infraction should result in suspension or termination.
The same penalty should apply each time an infraction occurs.
The penalty should be proportional to the level of risk incurred as a result of the infraction.
Penalties should be at the discretion of management.

Question 10. (TCO 2) Data integrity is (Points: 4)
protecting the data from intentional or accidental disclosure.
making sure the data are always available when legitimately needed.
protecting the data from intentional or accidental modification.
making sure the data are always transmitted in encrypted format.

Question 11. (TCO 1) Which is the worst that may happen if information security policies are out of date or address technologies no longer used in the organization? (Points: 4)
People may take the policies less seriously or dismiss them entirely.
Executive management may become upset.
The company may incur unnecessary costs to change them.
People may not know which policy applies.

Question 12. (TCO 2) Which of the following federal regulations pertains to the medical field? (Points: 4)
FERPA
GLBA
HIPAA
SOX

Question 13. (TCO 1) In which of the following ways does understanding policy elements help you interpret your organization’s information security policies? (Points: 4)
Awareness of policy elements helps you determine the strength of the policy and whether you should take it seriously.
If you understand policy elements, you will be able to change the policies.
Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you.
You need to know the policy elements in order to determine which parts of the policy apply to you.

Question 14. (TCO 2) Which of the following federal regulations pertains to the educational field? (Points: 4)
FERPA
GLBA
HIPAA
SOX

Question 15. (TCO 1) Which of the following is an important function of the statement of authority? (Points: 4)
It provides a bridge between an organization’s core values and security strategies.
It indicates who to talk to if you want to request a change in the policy.
It describes the penalties for policy infractions.
It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.