What are standards in the context of security governance?

Documented specifications or requirements that define best practices, technical criteria, or performance benchmarks

Guidelines for creating policies and procedures

Rules and regulations set by the government

Informal suggestions for improving security

What is ISO/IEC 27001 an international standard for?

Information security management systems (ISMS)

Credit card information security

What does FIPS PUB 140-2 define?

Security requirements for cryptographic modules

Which of the following is NOT included in a Business Continuity Plan (BCP)?

Data backup and recovery procedures

Identification of critical business processes and assets

Individual roles and responsibilities during a business continuity event

Communication and reporting procedures during incidents

What is the primary focus of a Disaster Recovery Plan?

Recovery of IT systems and data in the event of a disaster or major disruption

Ensuring compliance with legal and regulatory requirements

Identification of critical business processes and assets

Communication and reporting procedures during incidents

Which of the following is a component of an Incident Response Plan?

Incident detection and reporting procedures

Data classification and handling guidelines

Testing and maintenance of continuity plans

Recovery time objectives (RTOs)

What does an Information Security Policy define?

The organization's approach to protecting its information assets, systems, and data

Strategies and procedures to ensure critical business functions can continue

The recovery of IT systems and data in the event of a disaster

The lifecycle phases of planning, design, development, and testing

Which policy establishes guidelines for the development and deployment of software applications within an organization?

Software Development Lifecycle (SDLC) Policy

What is the primary focus during the Requirements Gathering phase in the Waterfall model?

Gathering and documenting thorough requirements for the software system

Coding and developing the software system

Testing the software system for quality assurance

Providing ongoing support and bug fixes

What is a key characteristic of the Agile software development lifecycle (SDLC)?

Emphasis on extensive documentation

What is the purpose of daily stand-up meetings in Agile?

To promote collaboration and enhance transparency

To define action items for future sprints

What happens at the culmination of each sprint in Agile?

The development team showcases the accomplished work

The development team selects a set of requirements

What is the purpose of a Sprint Retrospective?

To identify areas for improvement and define action items

To implement selected requirements

To hold daily stand-up meetings

What does an Acceptable Use Policy (AUP) define?

The acceptable and prohibited uses of an organization's IT resources

The steps in backlog refinement

The methods of collaboration in Agile

Which of the following is NOT specified by an Acceptable Use Policy (AUP)?

Permissible and prohibited activities with IT assets

User responsibilities and expected behavior

Monitoring and enforcement mechanisms

What is the primary purpose of a Change Management Policy?

To manage changes to IT systems, infrastructure, and processes

To manage employee performance reviews

To handle customer service inquiries

To oversee marketing strategies

Which of the following is NOT a key component of the offboarding process?

Providing new employee orientation

Exit interviews and feedback collection

The deactivation of access to systems and facilities

What do procedures provide clear instructions on?

Who is responsible, what needs to be done, and how it should be done

How to increase sales and revenue

What is the purpose of playbooks in a cybersecurity incident response plan?

To provide step-by-step instructions for responding to specific incidents or scenarios

To outline the company's marketing strategy

Which of the following is NOT typically included in a playbook for a cybersecurity incident response plan?

Incident identification and categorization

Response team roles and responsibilities

Detailed response procedures and actions

What are guidelines in the context of governance?

Recommendations or suggestions for achieving a goal

Mandatory rules that must be followed

Detailed instructions for implementation

What do governance structures define within an organization or entity?

Decision-making authority and responsibilities

In a centralized governance structure, where is decision-making authority concentrated?

At the top of the organizational hierarchy

At the bottom of the organizational hierarchy

Distributed equally among all employees

What is a common characteristic of a centralized governance structure?

A single central authority makes key decisions

Decision-making is done by committees

Authority is distributed among various departments

Decisions are made by external stakeholders

In a decentralized governance structure, how is decision-making authority distributed?

It is distributed across various levels or units within the organization.

It is centralized at the top level.

It is only given to external entities.

It is not present in the organization.

What is the primary role of committees within an organization?

To handle specific responsibilities such as decision-making, oversight, or advisory roles.

To handle all financial transactions.

To oversee the marketing strategies.

To manage the day-to-day operations.

What is the main responsibility of boards of directors or governing boards?

To oversee the management and strategic direction of an organization.

To manage the daily operations of the organization.

To handle customer service issues.

What do external IT and cyber governance considerations ensure?

The security, compliance, and effectiveness of their information technology and cybersecurity practices.

The profitability of the organization.

The marketing success of the organization.

The daily operations of the organization.

What does global governance encompass?

International agreements, standards, and frameworks.

What is the focus of national governance in terms of cybersecurity?

Laws, regulations, and policies established by a country's government to govern cybersecurity, data protection, and IT practices.

International trade agreements.

What does industry-specific governance encompass?

Cybersecurity regulations, standards, and best practices tailored to specific industries.

What does legal and regulatory governance involve?

Compliance with laws and regulations

Establishing industry-specific standards

Implementing hybrid governance structures

What does local and regional governance pertain to?

Laws, regulations, and policies at municipal, state/provincial, or regional levels

International cybersecurity standards

Industry-specific best practices

SEC+ Mod 2 Part 5

Authored by Pat Johnson

Computers

12th Grade

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

64 questions

Show all answers

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

64 questions

Networking Unit 1 Exam

Quiz

•

12th Grade

60 questions

2016-জুলাই-ডিসেম্বর-অক্টোবর-ডিসেম্বর-76-কম্পিউটার অফিস এ্যা

Quiz

•

10th - 12th Grade

60 questions

Quiz 2 Latihan Soal UAS Manajemen Keamanan Sistem Informasi

Quiz

•

1st Grade - University

60 questions

TCP/IP, logica, informazione, crittografia, criptovalute

Quiz

•

12th Grade

60 questions

Doors

Quiz

•

1st Grade - Professio...

63 questions

Advanced Personal Finance Final Exam Review

Quiz

•

9th - 12th Grade

64 questions

Adobe Illustrator CC question bank

Quiz

•

9th - 12th Grade

62 questions

ÔN TẬP Giữa Kỳ Môn Tin Học 8

Quiz

•

7th Grade - University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Computers

18 questions

[AP CSP] JavaScript Programming Lesson 2025-2026

Lesson

•

9th - 12th Grade

57 questions

[AP CSP] Unit 5 Review: Internet & Cybersecurity

Quiz

•

9th - 12th Grade

SEC+ Mod 2 Part 5

What should be done with the insights gained from the change implementation process?

Use them to inform future changes and improvements in network management and operations.

What is the purpose of security and compliance checks during the change implementation process?

To ensure the change aligns with security policies and compliance requirements.

Why is feedback and adaptation important in the change management process?

To encourage feedback from team members and end-users.

What are the key elements of a successful rapid change implementation process?

Effective communication, documentation, and post-implementation validation are key elements of a successful rapid change implementation process.

What are the essential elements of effective governance, risk management, and compliance frameworks?

Standards, policies, procedures, and guidelines are the essential elements of effective governance, risk management, and compliance frameworks.

What do standards provide for organizations?

Standards provide organizations with a common framework, ensuring consistency, interoperability, and quality.

Which of the following is NOT included in cybersecurity standards?

Financial auditing is NOT included in cybersecurity standards, as it falls under financial regulations and not specific to cybersecurity measures like password standards, access control, and encryption.

What are standards in the context of security governance?

Standards in the context of security governance are documented specifications or requirements that define best practices, technical criteria, or performance benchmarks.

Which publication by the National Institute of Standards and Technology (NIST) provides guidelines for digital identity management, including password policies?

NIST SP 800-63-3 is the publication by NIST that provides guidelines for digital identity management, including password policies.

What is ISO/IEC 27001 an international standard for?

ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), making it the correct choice.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers