
#01 Security Principle
Authored by Kim
Computers
Professional Development
10 questions
1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a: (D1, L1.3.1)
Management/Administrative control
Technical control
Physical control
Cloud control
Answer explanation
Correct. Policies, standards, processes, procedures and guidelines set by corporate administrative entities (e.g., executive- and/or mid-level management) are management/administrative controls.
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Is it possible to avoid risk? (D1, L1.2.1)
Yes
No
Sometimes
Never
Answer explanation
Correct. To avoid an identified risk, stop doing what you have identified as being too risky or dangerous and not acceptable to the organization.
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What is meant by non-repudiation? (D1, L1.1.1)
If a user does something, they can’t later claim that they didn’t do it.
Controls to protect the organization’s reputation from harm due to inappropriate social media postings by employees, even if on their private accounts and personal time.
It is part of the rules set by administrative controls.
It is a security feature that prevents session replay attacks.
Answer explanation
Correct. To repudiate means to attempt to deny after the fact, to lie about one's actions.
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Which of the following is NOT one of the four typical ways of managing risk? (D1, L1.2.1)
Avoid
Accept
Mitigate
Conflate
Answer explanation
Correct. Conflate is not a term used to describe a way to manage risk.
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan’s full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan’s personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan take? (D1, L1.2.2)
avoidance
acceptance
mitigation
transfer
Answer explanation
Correct. This is an example of avoidance; in order to avoid the risk of unauthorized use of the personal data, Siobhan chose not to engage in the activity.
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________. (D1, L1.4.1)
policy
standard
procedure
guideline
Answer explanation
Correct. A procedure (sometimes referred to as a "process" document) is a description of how to perform an action. It is usually written by the office/person who performs that action on a regular basis.
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh’s company operates; the law conflicts with the company’s policies. Which governance element should Lankesh’s company follow? (D1, L1.4.2)
the law
the policy
any procedures the company has created for the particular activities affected by the law
Lankesh should be allowed to use personal and professional judgment to make the determination of how to proceed
Answer explanation
Correct. Laws are the explicit authority of the jurisdiction where any organizations operate; laws cannot be violated, regardless of internal company governance. Laws supersede everything else.