SoCI (as it pertains to the Australian law concerned with cybersecurity) stands for:

Security of Critical Infrastructure

Statement of Comprehensive Income

Security of Critical Identities

Standard Optimum Control Integral

Which of the following can be considered mission-critical assets:

Cryptographic information, network topology, cost structure and price calculations, sales pipeline

Information or details relating directly to an individual, such as employees, customers or citizens

Proprietary algorithms, logistics arrangements, formulas, board papers

Customer profile database (containing pii), tax records, competitor analysis, non-competition agreements

What could be considered as an example of a potential security implication for the creation stage of the information lifecycle?

Photocopying board meeting notes discussing divestiture plans, e.g., to read on the train

A business user incorrectly updating the pricing points for a differentiating product

Information about a non-competition agreement stored on a personal tablet for offline reference

Misaddressing an email containing details of yet-to-be-announced redundancy plans

Leaving the recipe for a foodstuff that defines the brand of an organisation on the hard drive of a laptop sent for destruction

What are possible outcomes of a risk that has been identified and analysed in a risk management process?

Acceptance, avoidance, mitigation, transfer

Acceptance, avoidance, mitigation, transfer, residual

Acceptance, elimination, reduction, transfer

Acceptance, avoidance, elimination, mitigation, transfer

To what audience should communication about new information risks be sent?

Security steering committee and executive management

What is usually the primary objective of risk management?

Fewer and less severe security incidents

The formula to calculate the residual risk level is…

(Probability of adverse event ÷ Mitigation factor) × Impact

Probability of threat event × Impact

Probability of adverse event ÷ Mitigation factor

Probability of threat event × Mitigation factor

What is the best method for ensuring that an organisation’s security program achieves adequate business alignment?

Understand the organisation’s vision, mission statement, and objectives

Find and read the organisation’s articles of incorporation

Study the organisation’s chart of management reporting (the 'org chart')

Study the organisation’s financial chart of accounts

You have implemented a web gateway that blocks access to a social networking site. How would you categorise this type of security control?

It is a technical type of control and acts as a preventive measure

It is an administrative type of control and acts as a deterrent measure

It is an administrative type of control and acts as a preventive measure

It is a technical type of control and acts as a deterrent measure

How do you achieve layered security?

By providing a diversity of types of controls and sourcing controls from a number of different vendors

By considering the CIA triad when implementing controls

By considering the defence in depth when implementing controls

If a security control is described as administrative and compensating, what can you determine about its nature and function?

That the control is enforced by a procedure or policy that shapes the way people act and that the control mitigates its impact in some way

That the control is enforced by a technical system and that the control prevents an attack

That the control is enforced by a procedure or policy that shapes the way people act and that the control mitigates its likelihood in some way

That the control is enforced by a technical system and that the control delays an attack

An organisation’s board of directors wants to see quarterly metrics on risk reduction. What would be the best metric for this purpose?

Time to patch vulnerabilities on critical servers

Number of firewall rules triggered

Viruses blocked by antivirus programs

Packets dropped by the firewall

Which of the following metrics is the best example of a leading indicator?

Percentage of critical servers being patched within Service Level Agreements (SLAs)

Average time to mitigate security incidents

Increase in the number of attacks blocked by the Intrusion Prevention System (IPS)

Increase in the number of attacks blocked by the firewall

The purpose of control self-assessments is to:

Reinforce accountability for control effectiveness

Transfer risk to control owners

Reduce workload in internal audit

ISYS3439 - Cyber GRC

Authored by Nebs P

Other

University

Used 10+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

26 questions

Show all answers

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

The CIA triad is a prominent information security model defining which three central aspects of information security?

Confidentiality, integrity, and accountability

Classification, integrity, and accountability

Confidentiality, identity, and accessibility

Confidentiality, integrity, and availability

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

Which of vulnerability, threat, and risk would be assessed by likelihood and impact?

Vulnerability

Threat

Risk

All 3

MULTIPLE CHOICE QUESTION

20 sec • 5 pts

What are the 5 major stages of the NIST CSF?

Identify, Protect, Detect, Respond, Recover

Identify, Prevent, Detect, Respond, Recover

Identify, Protect, Deflect, Respond, Recover

Identify, Protect, Detect, Respond, Return

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Control diversity means:

That the layers of controls should combine different classes of technical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical and physical controls with the range of control types

That the layers of controls should combine different classes of physical and administrative controls with the range of control types

That the layers of controls should combine different classes of technical, administrative and physical controls with the range of control types

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

Choose the option that best describes the concept of least privilege:

For a critical business function to be secure, it may be necessary to ensure that no one person can perform that function

A basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role

Enforcing a security role by separating it from the network or access by the rest of the network

Screening new employees through background checks, ensuring employees are set up with the correct privileges when they join or change job roles, and ensuring that privileges are revoked if the employee is fired or retires

MULTIPLE CHOICE QUESTION

45 sec • 5 pts

A security policy:

Defines the scope of security needed by the organisation and discusses the assets that require protection and the extent to which security solutions should go to provide the necessary protection

Is a set sequence of necessary activities that performs a specific security task or function

Provides practical guidance on how an organisation can protect their systems and data from cyber threats

Defines a minimum level of security that every system throughout the organisation must meet

MULTIPLE SELECT QUESTION

20 sec • 5 pts

Which of the following is free? (Multiple answers may apply)

ISO 27001

NIST CSF

COBIT

ITIL

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

21 questions

Who Knows Me Better No.2

Quiz

•

7th Grade - Professio...

21 questions

gw 50 spring 2025

Quiz

•

University

24 questions

CTE Router Test

Quiz

•

7th Grade - Professio...

24 questions

Engineering Economics - Elements (Exercise 4)

Quiz

•

University

24 questions

Impacts of tourism

Quiz

•

8th Grade - Professio...

21 questions

Introduction to Chinese Culture

Quiz

•

University

21 questions

GE-ELECTIV1_L1

Quiz

•

University

21 questions

Câu hỏi về chuyển đổi số trong logistics

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

12 questions

IREAD Week 4 - Review

Quiz

•

3rd Grade - University

7 questions

Fragments, Run-ons, and Complete Sentences

Interactive video

•

4th Grade - University

7 questions

Renewable and Nonrenewable Resources

Interactive video

•

4th Grade - University

10 questions

DNA Structure and Replication: Crash Course Biology

Interactive video

•

11th Grade - University

5 questions

Inherited and Acquired Traits of Animals

Interactive video

•

4th Grade - University

5 questions

Examining Theme

Interactive video

•

4th Grade - University

20 questions

Implicit vs. Explicit

Quiz

•

6th Grade - University

7 questions

Comparing Fractions

Interactive video

•

1st Grade - University

ISYS3439 - Cyber GRC

The CIA triad is a prominent information security model defining which three central aspects of information security?

Which of vulnerability, threat, and risk would be assessed by likelihood and impact?

What are the 5 major stages of the NIST CSF?

Control diversity means:

Choose the option that best describes the concept of least privilege:

A security policy:

Which of the following is free? (Multiple answers may apply)

SoCI (as it pertains to the Australian law concerned with cybersecurity) stands for:

Which of the following can be considered mission-critical assets:

Which of the following threat actors is typically not considered adversarial?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other