Why could an organisation's "clear desk" policy be seen as a good example of "security as an enabler"?

The removal of confidential information from desks reduces the chances of opportunistic theft, and keeps it available to the business.

Clear desks allow staff to "hot desk" making them less likely static "sitting" targets for cyber-attacks.

Conformance to data protection laws will be enhanced by not using paper files

Which of the following is NOT considered an "accidental threat" to information systems?

A disgruntled employee destroying backup files

An unexpected flood due to abnormal rainfall

A building fire in Corporate Data Centre

A person clicking the wrong button

Which of the following can be considered an "internal threat"?

Compromised supplier connected to an organisation's order system

Cybercriminal blackmailing a service provider with a denial of service attack

Employee's laptop compromised by a malicious drive by infection from a website

Theft of login credentials from a restaurant's free Wi-Fi hotspot

When customer PII (Personal Identifiable Information) has been stolen from an organisation's online store using SQL Injection, where can the vulnerability that led to this exploit usually be found?

In the database connected to the organisation's ecommerce website

In the organisation's firewall rules

In an employee's laptop connected to Wi-Fi

In the organisation's internal email server

When a financial institution that has been the victim of a sophisticated cyberattack, which of the following is the MOST LIKELY outcome of an impact assessment of typical realised threats?

Loss of confidence by financial investors

Increased business opportunity for attracting more investment

New intrusion detection software purchased

Increased bonus for the financial institutions CEO

What are the four main components of a risk management process used in the CORRECT life-cycle order?

Identify, Analyse, Treat and Monitor

Assess, Verify, Treat and Maintain

Identify, Quantify, Validate and Monitor

Monitor, Analyse, Assess and Treat

When undertaking a quantitative risk assessment of an ongoing denial of service threat to an information system, what type of evidence is LIKELY to form part of that assessment?

Statistical chance of another attack reoccurring

Descriptive analysis of the system's capabilities

Closed questionnaire for the system administrator

Firewall rule documentation protecting the information system

A financial institution is concerned that it may be at risk of cybercriminals stealing PII (personal Identifiable Information) stored on the organisation's web server. To address this issue they have adopted a risk mitigation strategy. Which of the following would support this strategy?

Taking out Cyber Liability insurance

What is one of the KEY reasons for appointing a Chief Information Security Officer (CISO) at Boardroom level?

Single Point of Responsibility for Information Assurance

A typical CIO cannot be trusted with security

To ensure a bottom up security culture

To ensure compliance with data protection regulations

For an organisation looking to develop an information assurance strategy, which of the following is the MAIN difference between a security policy and standard?

A policy sets out what needs to be done - a standard sets out how the policy should be implemented

A standard only offers guidance whilst a policy is obligatory

A policy contains implementation specific detail and a standard offers only generic detail

A policy details specific work instructions and a standard offers only high level objectives

When developing an information security strategy, which of the following would NOT be a consideration?

Log of recent security incidents

Expected developments in software and hardware

Legal, compliance and audit requirements

Trends in threats and vulnerabilities

From a legal perspective, which of the following is considered to be misuse of a computer?

Illegal interception of information

Theft of a computer laptop from the boot of a car

Use of one's own computer for cryptomining

Using a computer to access the Dark Web

Under what circumstances might it be legal for an employer to monitor an employee's online communication?

When a statement is included in the organisation's information assurance policy or employee's contract of employment

An employer can monitor communications whenever or however they want without ever informing the employee

The use of Data Protection (e.g. GDPR) laws allows the employer to monitor communications whenever they like

When an employee is using online communications outside of normal office hours

When collecting digital evidence which may be required to be used in a court of law, which of the following principles is considered BEST practice?

Any digital forensics investigator handling digital evidence must be competent to do so

Digital evidence can only be handled by a member of law enforcement

Digital evidence may be altered under supervision by another investigator

When transferring encrypted information or cryptography based tools between one legal jurisdiction to another, according to ISO/IEC 27000 series, which of the following is NOT a factor which should be considered?

Restrictions on the transmission of symmetric and/or asymmetric keys over communication networks

Restrictions on import and export of computer hardware and software for performing cryptographic functions

Restrictions on import and export of computer hardware and software that is designed to have cryptographic functions added to it

Mandatory or discretionary methods of access by the countries authorities to information encrypted by computer hardware or software to provide confidentiality of content

What are the TYPICAL stages of an information lifecycle?

Create, Store, Retrieve, Use, Remove

Create, Clone, Copy, Print, File

Create, Use, Store, Retrieve, Delete

Copy, Store, Use, Print, Delete

The information lifecycle articulates a "publishing" or use of information stage. Which of these actions occurs within this stage?

Sending a tweet advertising an event

Locking an "actioned" letter in a filing cabinet

Which of the following BEST represents the main components of the DevOps model?

Software Development, Quality Assurance and Operations

Hardware Development, Product Management and Operations

Brand Development, Testing and Security Operations

Software Development, Change Management and Security Operations

Which four architecture domains are commonly accepted as the subsets of an overall enterprise architecture supported by TOGAF?

Technology, data, application and business

Business, information, technology and application

Application, data, infrastructure and business

Technology, application, integration and business

Which of the following risks is NOT associated with using third party libraries when developing software applications?

Risk that in house development routines have not been patched

Risk that malware toolkits can be written into untrusted libraries

Risk that common cryptographic routines may reveal secure data

Risk that software libraries have not been tested by the user community

When considering suitable content for an organisation's End User Code of Practice, which of the following is NOT a suitable topic for inclusion?

An employee's individual contractual hours

When work computers can be used for browsing the web

The need to report all security based incidents

Which of the following SHOULD a business consider when managing the risks of third party suppliers' information security?

Ability to audit a third party supplier complying with contractual security requirements

Ability to undertake a random vulnerability assessment of third party systems

Ability to undertake the security vetting of key employees

Ability to demand the declaration of third party suppliers private keys

Cyber Mock

Authored by Michaela Flowers

Other

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

55 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following techniques is used to ensure confidentiality?

Encryption

Hashing

Encapsulation

Authentication

Answer explanation

Encryption is used as it converts plain text to cipher text and vice versa.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following can be defined as a threat?

The likelihood of a cybercriminal getting caught

The probability that a cyber attack will be successful

Answer explanation

A threat is a communicated intent to inflict harm or loss on another person.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is the function of specifying user access rights/privileges to computing resources?

Authentication

Enabling

Accounting

Duplication

Answer explanation

Enabling is the authority or means to do something; make it possible for a user to access a computing resource.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which concept describes the amount of confidence that an organisation has that its controls satisfy the necessary security requirements?

Assurance

Governance

Non-repudiation

Trust

Answer explanation

Assurance is defined as a positive declaration intended to give confidence; a promise.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which information security principle requires that an organisation SHOULD implement overlapping security controls wherever feasibly possible?

Separation of Duties

Fail Safe Configuration

Web of Trust

Answer explanation

Defence in depth is a concept used in Information security in which multiple layers of security controls are placed throughout an information technology system.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

With the increasing global operation of many corporate organisations, which of the following is LIKELY to be the more important consideration with respect to information security?

Understanding that different countries have differing legislation with respect to how information can be handled

Ensuring that for all countries that an organisation has an office in, will all operate in the same time zone

Ensuring that regional preferences for security related hardware and software are adhered to

Storing all corporate data only in one country where an organisations central office is located

Answer explanation

As legislation is likely to vary between countries it must be the most important consideration.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Whilst drafting a company's information security policy, what would be an important consideration?

The policy should be a standalone document

The policy must be integral to all areas of an organisation

The policy should only be visible to senior management

The policy only applies to staff handling confidential information

Answer explanation

A company policy should apply to all areas of an organisation.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

60 questions

Calif. drivers permit test

Quiz

•

10th Grade - Professi...

50 questions

logos

Quiz

•

KG - Professional Dev...

60 questions

Working Capital CCP Exam Quiz

Quiz

•

Professional Development

50 questions

PRE TEST

Quiz

•

Professional Development

51 questions

FELE Subtest 1 Comp 1

Quiz

•

Professional Development

50 questions

Health Policy and Planning SPH5223 (test 1)

Quiz

•

University - Professi...

50 questions

CAT IPMB KEMENAG 2022

Quiz

•

Professional Development

60 questions

SOALAN KIMPALAN SET A

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Other

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

Cyber Mock

Which of the following techniques is used to ensure confidentiality?

Encryption is used as it converts plain text to cipher text and vice versa.

Which of the following can be defined as a threat?

A threat is a communicated intent to inflict harm or loss on another person.

Which of the following is the function of specifying user access rights/privileges to computing resources?

Enabling is the authority or means to do something; make it possible for a user to access a computing resource.

Which concept describes the amount of confidence that an organisation has that its controls satisfy the necessary security requirements?

Assurance is defined as a positive declaration intended to give confidence; a promise.

Which information security principle requires that an organisation SHOULD implement overlapping security controls wherever feasibly possible?

Defence in depth is a concept used in Information security in which multiple layers of security controls are placed throughout an information technology system.

With the increasing global operation of many corporate organisations, which of the following is LIKELY to be the more important consideration with respect to information security?

As legislation is likely to vary between countries it must be the most important consideration.

Whilst drafting a company's information security policy, what would be an important consideration?

A company policy should apply to all areas of an organisation.

Why could an organisation's "clear desk" policy be seen as a good example of "security as an enabler"?

Clear desk policy enables better security by ensuring all documents including confidential ones are not left out on desks.

Legislation in individual countries such as the Sarbanes-Oxley in the USA and the Companies Act (UK) have had the effect of strengthening corporate responsibility for risk management.
Who now has this ultimate responsibility?

Corporate board has the ultimate responsibility for risks in the eyes of the law.

Within any organisation, from both an information assurance and "security culture" perspective, whose responsibility is information security?

Security is everyone’s responsibility.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Cyber Mock

Which of the following techniques is used to ensure confidentiality?

Encryption is used as it converts plain text to cipher text and vice versa.

Which of the following can be defined as a threat?

A threat is a communicated intent to inflict harm or loss on another person.

Which of the following is the function of specifying user access rights/privileges to computing resources?

Enabling is the authority or means to do something; make it possible for a user to access a computing resource.

Which concept describes the amount of confidence that an organisation has that its controls satisfy the necessary security requirements?

Assurance is defined as a positive declaration intended to give confidence; a promise.

Which information security principle requires that an organisation SHOULD implement overlapping security controls wherever feasibly possible?

Defence in depth is a concept used in Information security in which multiple layers of security controls are placed throughout an information technology system.

With the increasing global operation of many corporate organisations, which of the following is LIKELY to be the more important consideration with respect to information security?

As legislation is likely to vary between countries it must be the most important consideration.

Whilst drafting a company's information security policy, what would be an important consideration?

A company policy should apply to all areas of an organisation.

Why could an organisation's "clear desk" policy be seen as a good example of "security as an enabler"?

Clear desk policy enables better security by ensuring all documents including confidential ones are not left out on desks.

Legislation in individual countries such as the Sarbanes-Oxley in the USA and the Companies Act (UK) have had the effect of strengthening corporate responsibility for risk management.Who now has this ultimate responsibility?

Corporate board has the ultimate responsibility for risks in the eyes of the law.

Within any organisation, from both an information assurance and "security culture" perspective, whose responsibility is information security?

Security is everyone’s responsibility.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other

Legislation in individual countries such as the Sarbanes-Oxley in the USA and the Companies Act (UK) have had the effect of strengthening corporate responsibility for risk management.
Who now has this ultimate responsibility?