(TCO 1) Why is it important to prepare written policies?

It lets the policies be communicated more easily.

This helps to ensure consistency.

A policy is part of the corporate culture.

It is required by law.

Flag this Question

Question 24 pts

(TCO 2) The goal of protecting confidentiality is to

prevent the unauthorized disclosure of sensitive information.

prevent the authorized disclosure of sensitive information.

prevent the unauthorized disclosure of public information.

prevent the authorized disclosure of public information.

Flag this Question

Question 34 pts

(TCO 1) The disciplinary process indicated in an information security policy enforcement clause usually includes which of the following most severe punishments?

Dismissal or criminal prosecution

Loss of one months pay

Demotion to a lower level

Transfer to another division in the company

Flag this Question

Question 44 pts

(TCO 2) Which of the following is the best example of an acceptable password?

T0yot@tRuck

May12345

FredD

HappyDeyz

Flag this Question

Question 54 pts

(TCO 1) Which is the best way to foster acceptance of a new policy?

Involve people in policy development by conducting interviews.

Give everyone a copy of the policy after it is written.

Ensure it is detailed enough that everyone will understand it.

Hold meetings to explain it.

Flag this Question

Question 64 pts

(TCO 2) What is a valid definition of data integrity?

Knowing that the data on the screen have not been tampered with

Data that are encrypted

Data that have not been accessed by unauthorized users

The knowledge that the data are transmitted in ciphertext only

Flag this Question

Question 74 pts

(TCO 1) Which is the preferred approach to organizing information security policies, procedures, standards, and guidelines?

Combine policies and procedures.

Keep the policy documents separate from the procedures, standards, and guidelines.

Combine standards and guidelines.

Keep them all separate.

Flag this Question

Question 84 pts

(TCO 2) Match the following ISO 17799:2000 domains to their definitions.

Security policy

[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security program

Organizational security

[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security program

Asset classification and contro

[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security program

Personnel security

[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security program

Physical and environmental security

[ Choose ] Involves creating an inventory of all data and data systems Implement controls for secure hiring and termination of staff Establish and support a management framework for information security Design and maintenance of a secure environment to prevent damage and unauthorized access to the business premises Provides direction and support for the information security program

Flag this Question

Question 94 pts

(TCO 1) Which of the following best describes how policy exception requests should be handled?

Requestors should only be notified after their exception requests are approved.

Requestors should always receive a response to any request, whether approved or not.

Requestors should be notified why their exception requests were denied so they can do a better job the next time.

Requestors should be able to count on a 7-day turnaround on any policy exception request.

Flag this Question

Question 104 pts

(TCO 2) An employee accidentally makes changes to a company-owned file. This is known as a violation of

data confidentiality.

data integrity.

data availability.

data authorization.

Flag this Question

Question 114 pts

(TCO 1) Why is it important to remind people about best practice information security behaviors?

This approach is a mandatory requirement of information security policies.

Reminders are the least expensive way to ensure compliance with policies.

It ensures they are aware that management is watching them.

Reminders reinforce their knowledge and help them better understand expectations.

Flag this Question

Question 124 pts

(TCO 2) The ISO standard known as Managing Organizational Security includes several categories. Which of the following is NOT one of them?

Organizational Security Controls

Information Security Infrastructure

Identification of Risks from Third Parties

Security Requirements for Outsourcing

Flag this Question

Question 134 pts

(TCO 1) Who should issue the statement of authority?

The IT manager

All the information owners

All the employees

The CEO, president, or chairman of the board

Flag this Question

Question 144 pts

(TCO 2) Data availability is the assurance that

only authorized users will gain access to a resource.

all data stored on a hard drive are encrypted.

all sensitive data stored on a hard drive are encrypted.

data and systems are accessible anytime they are needed.

Flag this Question

Question 154 pts

(TCO 1) Which of the following is an important function of the statement of authority?

It provides a bridge between an organizations core values and security strategies.

It indicates who to talk to if you want to request a change in the policy.

It describes the penalties for policy infractions.

It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.