1.    This is a detailed assessment of an organization's processes and tools used to make measurements. This looks at the organization’s methods, equipment, and processes when making measurements to make sure the data from the organization is valid
    A.     Service Level Agreement (SLA)
    B.     Measurement Systems Analysis (MSA)
    C.     Memorandum of Understanding (MOU)
    D.     Business Partnership Agreement (BPA)

2.    This is a formal process to make changes to IT systems in an organization. It helps to reduce the risk of unintended consequences when making changes and provides an accounting system to document changes.
    A.     Change management
    B.     End of service (EOS)
    C.     Asset management
    D.     Data governance

3.    A/an _____ is an agreement that details the relationship between two business partners. It often defines how to share the profit and loss, responsibilities to each other, and what to do if one partner decides to leave the partnership. It also helps to settle conflicts between two business partners.
    A.     Business Partnership Agreement (BPA)
    B.     Measurement Systems Analysis (MSA)
    C.     Memorandum of Understanding (MOU)
    D.     Service Level Agreement (SLA) Standard 27001

4.    Which of the following policies is a way to prevent one employee from being successful in malicious activities at an organization?
    A.     Acceptable Use Policy (AUP)
    B.     Background checks
    C.     Job rotation
    D.     Clean desk space

5.    What kind of user training applies game design concepts to user training to make user training more engaging for employees, increase employee participation in user training, and make user training more fun?
    A.     Phishing simulations
    B.     Gamification
    C.     Computer-based training (CBT)
    D.     Capture the flag (CTF)

6.    An employee is leaving a company for another job with a competitor. Which of the following is MOST important in the process of disengagement from this employee to discourage the employee from sharing proprietary data?
    A.     Have the employee sign an Acceptable Use Policy (AUP) before leaving
    B.     Have the employee take role-based training before leaving
    C.     Have the employee rotate to another job in the company before the employee leaves
    D.     Have the employee sign a Non-Disclosure Agreement (NDA) before leaving

7.    This kind of user training is when an organization sends out fake phishing emails to test employees' recognition of phishing emails.
    A.     Computer-based training (CBT)
    B.     Gamification
    C.     Phishing simulations
    D.     Capture the flag (CTF)

8.    Which of the following policies is a way to prevent one employee from being successful in malicious activities at an organization?
    A.     User training
    B.     Non-Disclosure Agreement (NDA)
    C.     Mandatory vacations
    D.     Social media analysis

9.    Asset management is useful to prevent _____.
    A.     Data retention
    B.     Change management
    C.     Undocumented assets
    D.     Job rotation

10.    A/an _____ is a written agreement between two organizations to work towards a common goal. It is not a technical document and does not have monetary penalties. There are no strict guidelines to protect sensitive data.
    A.     Business Partnership Agreement (BPA)
    B.     Memorandum of Agreement (MOA)
    C.     Measurement Systems Analysis (MSA)
    D.     Service Level Agreement (SLA)