CISM Chapter 1

Professional Development

•

10 Qs

Similar activities

FINAL QUIZ

Professional Development

•

10 Qs

BJT - BASICS

Professional Development

•

15 Qs

Presentasi dan Follow Up

Professional Development

•

10 Qs

Tools of KPI

Professional Development

•

10 Qs

Town Hall 2020 Quiz

Professional Development

•

10 Qs

Applied Networking

Professional Development

•

10 Qs

FUTURES THINKING & SCENARIO PLANNING

Professional Development

•

10 Qs

Emerging Tech

Professional Development

•

15 Qs

CISM Chapter 1

Quiz

•

Professional Development

•

Professional Development

•

Hard

Anna Löfgren

Used 9+ times

FREE Resource

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The entity that is ultimately responsible for security governance is:

Chief information officer

Chief information security officer

Board of directors

Chief risk officer

Answer explanation

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An acceptable use policy is likely to contain all of the following except:

Rules regarding the use of personally owned assets

Permitted uses of corporate assets

Data retention requirements

Protection of sensitive information

Answer explanation

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The best definition of governance is:

Corporate policies and procedures

Management control of business functions

Regular reporting of metrics and key performance indicators (KPIs)

Formal roles and responsibilities documented in a RACI chart

Answer explanation

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

The cost of the fines is less than the cost of compliance.

The cost of compliance is less than the cost of fines.

Management elected to transfer the risk.

Management elected to avoid the risk.

Answer explanation

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A database administrator (DBA) is typically responsible for all of the following except which one?

Database performance tuning

Database troubleshooting

Database capacity management

Database design

Answer explanation

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Chief information security officer (CISO)

Chief legal counsel

Chief information risk officer (CIRO)

Security governance committee

Answer explanation

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Accountable

Owner

Custodian

User

Answer explanation

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

By signing up, you agree to our Terms of Service & Privacy Policy

Already have an account?

Similar Resources on Wayground

9 questions

What works in lessons for you?

Quiz

•

Professional Development

10 questions

IBEX A-ISB

Quiz

•

Professional Development

15 questions

Q1 Introduction to Python

Quiz

•

Professional Development

10 questions

Operate Scissor Lift

Quiz

•

Professional Development

10 questions

QUIZ SUSTENTABILIDADE

Quiz

•

Professional Development

15 questions

REVISED CODE OF CONDUCT QUIZ BEE

Quiz

•

Professional Development

10 questions

Recap unit 201

Quiz

•

Professional Development

10 questions

IPPS CPEA Pre-Test Quiz 2020

Quiz

•

Professional Development

Popular Resources on Wayground

20 questions

Halloween Trivia

Quiz

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

Order of Operations

Quiz

•

5th Grade

20 questions

Halloween

Quiz

•

5th Grade

16 questions

Halloween

Quiz

•

3rd Grade

12 questions

It's The Great Pumpkin Charlie Brown

Quiz

•

1st - 5th Grade

20 questions

Possessive Nouns

Quiz

•

5th Grade

10 questions

Halloween Traditions and Origins

Interactive video

•

5th - 10th Grade

Discover more resources for Professional Development

5 questions

11.4.25 Student Engagement & Discourse

Lesson

•

Professional Development

CISM Chapter 1

10 questions

The entity that is ultimately responsible for security governance is:

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

An acceptable use policy is likely to contain all of the following except:

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

The best definition of governance is:

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

A database administrator (DBA) is typically responsible for all of the following except which one?

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

What is the purpose of information security governance?

Correct answer:
"To give management visibility into and control of information security matters"
The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Who should be accountable for the success of an organization’s information security program?

Correct answer:
"Board of directors or equivalent governing body"
The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Who should approve access requests to a particular application that stores and processes customer information?

Correct answer:
"Business owner or their delegate"
The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

CISM Chapter 1

10 questions

The entity that is ultimately responsible for security governance is:

Correct answer:"Board of directors"The organization’s board of directors is ultimately responsible for securitygovernance.

An acceptable use policy is likely to contain all of the following except:

Correct answer:"Data retention requirements"An acceptable use policy (AUP) is likely to contain statements about the useof corporate assets, personally owned assets, and information protection. Dataretention requirements are not likely to be included.

The best definition of governance is:

Correct answer:"Management control of business functions"Governance is best defined as management’s control over business functionsthroughout an organization.

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

Correct answer:"The cost of the fines is less than the cost of compliance."While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

A database administrator (DBA) is typically responsible for all of the following except which one?

Correct answer:"Database design"The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Correct answer:"Chief legal counsel"Only legal counsel should be determining applicability of potentially relevant laws and regulations.None of the other is an appropriate party to interpret regulations.

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Correct answer is:"Custodian"IT is acting as a custodian in the access request process for the business application.The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

What is the purpose of information security governance?

Correct answer:"To give management visibility into and control of information security matters"The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Who should be accountable for the success of an organization’s information security program?

Correct answer:"Board of directors or equivalent governing body"The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Who should approve access requests to a particular application that stores and processes customer information?

Correct answer:"Business owner or their delegate"The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

Correct answer:
"To give management visibility into and control of information security matters"
The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Correct answer:
"Board of directors or equivalent governing body"
The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Correct answer:
"Business owner or their delegate"
The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.