A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Assign a compliancy officer to review the merger conditions

Define additional security controls directly after the merger

Include a procurement officer in the merger team

Verify all contracts before a merger occurs

An effective information security policy should include:

General guidelines and security objectives for the organization.

Detailed technical instructions for device configuration.

A list of approved and prohibited software.

Specific technical standards for each department.

Risk management in information security should:

Reduce risks to an acceptable level in line with the organization's risk tolerance.

Eliminate all risks to protect organizational information.

Ignore risks that are deemed small or insignificant.

Be solely the responsibility of the IT team.

Under ISO 31000, the first step in the risk management cycle is:

Evaluating the effectiveness of existing controls.

Assessing the impact of each risk.

Developing a risk mitigation plan.

In the context of information security, what does Due Diligence mean?

Legal responsibility to implement reasonable security practices.

Taking proactive steps to reduce risk.

Periodically reviewing policies and procedures.

Ignoring risks based on low impact.

In a legal framework, compliance refers to:

Meeting external standards and regulations applicable to the organization.

An organization's obligation to meet internal technical standards.

Enforcing policies on individuals who violate them.

Fulfilling all customer requests without exception.

The concept of risk transference in risk management can be applied by:

Insuring organizational assets against certain losses.

A. Ignoring risks that are too costly to manage.

Moving high-risk assets to a safer location.

Enhancing hardware security across the board.

In the context of information security governance, who is responsible for setting policy direction?

The board of directors or senior leaders.

The risk that remains after all controls are applied.

A risk that can be ignored due to minimal impact.

A new risk that emerges after policy changes.

A risk that only applies to financial planning.

Which of the following is an example of a preventive control in information security?

A. Intrusion Detection System (IDS)

CISSP Domain 1

Authored by Miftah Rahman

Computers

Professional Development

Used 48+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

20 questions

Show all answers

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

All of the following items should be included FIRST in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

determine the risk of a business interruption occurring

determine the technological dependence of the business processes

Identify the operational impacts of a business interruption

Identify the financial impacts of a business interruption

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

Which of the following represents the GREATEST risk to data confidentiality?

Network redundancies are not implemented

Security awareness training is not completed

Backup tapes are generated unencrypted

Users have administrative privileges

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

A While investigating a malicious event, only six days of audit logs from the last month were available. Whatpolicy should be updated to address this problem

Retention

Reporting

Recovery

Remediation

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

Only when assets are clearly defined

Only when standards are defined

Only when controls are put in place

Only procedures are defined

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

Development, testing, and deployment

Prevention, detection, and remediation

People, technology, and operations

Certification, accreditation, and monitoring

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

25%

50%

75%

100%

MULTIPLE CHOICE QUESTION

5 mins • 5 pts

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Security Governance

Risk Management

Security Portfolio Management

Risk Assessment

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

21 questions

CÂU LỆNH WHILE

Quiz

•

Professional Development

19 questions

SC-900_Módulo 4

Quiz

•

Professional Development

16 questions

E-Commerce

Quiz

•

University - Professi...

16 questions

Scratch E

Quiz

•

1st Grade - Professio...

20 questions

Normas de cableado estructurado

Quiz

•

Professional Development

18 questions

Git-it?

Quiz

•

Professional Development

16 questions

Think it through

Quiz

•

University - Professi...

20 questions

Installing and Configuring Computer Systems 2

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Computers

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

12 questions

Unit 5: Puerto Rico W1

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

15 questions

Balance Equations Hangers

Quiz

•

Professional Development

31 questions

Servsafe Food Manager Practice Test 2021- Part 1

Quiz

•

9th Grade - Professio...

CISSP Domain 1

All of the following items should be included FIRST in a Business Impact Analysis (BIA) questionnaire EXCEPT questions that

Which of the following represents the GREATEST risk to data confidentiality?

A While investigating a malicious event, only six days of audit logs from the last month were available. Whatpolicy should be updated to address this problem

When assessing an organization’s security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?

An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?

A control to protect from a Denial-of-Service (DoS) attach has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?

Which of the following entails identification of data and links to business processes, applications, and data stores as well as assignment of ownership responsibilities?

Which of the following mandates the amount and complexity of security controls applied to a security risk?

A security professional determines that a number of outsourcing contracts inherited from a previous merger do not adhere to the current security requirements. Which of the following BEST minimizes the risk of this happening again?

Which of the following is a direct monetary cost of a security incident?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers