Questions and Answers
Joe is authoring a document that explains to system administrators one way in which they might comply with the organization's requirement to encrypt all laptops. What type of document is Joe writing?
- Policy
- Guideline (correct)
- Procedure
- Standard
Which one of the following statements is not true about compensating controls under PCI DSS?
- Controls used to fulfill one PCI DSS requirement may be used to compensate for the absence of a control needed to meet another requirement. (correct)
- Controls must meet the intent of the original requirement.
- Controls must meet the rigor of the original requirement.
- Compensating controls must provide a similar level of defense as the original requirement.
What law creates privacy obligations for those who handle the personal information of European Union residents?
- HIPAA
- FERPA
- GDPR (correct)
- PCI DSS
Which one of the following is not one of the five core security functions defined by the NIST Cybersecurity Framework?
What ISO standard provides guidance on privacy controls?
Which one of the following documents must normally be approved by the CEO or similarly high-level executive?
Greg would like to create an umbrella agreement that provides the security terms and conditions for all future work that his organization does with a vendor. What type of agreement should Greg use?
What organization is known for creating independent security benchmarks covering hardware and software platforms from many different vendors?
What do many organizations use to schedule and coordinate changes for information systems?
Which one of the following would not normally be found in an organization's information security policy?
Alice, an IT security manager at Acme Corporation, decides to conduct an exercise to test the employees' ability to recognize phishing emails. She creates fake phishing messages and sends them to the employees. When employees click on the links in the fake messages, they are redirected to a training program. What is the primary purpose of the exercise that Alice is conducting?
Tonya discovers that an employee is running a side business from his office, using company technology resources. What policy would most likely contain information relevant to this situation?
What compliance obligation applies to merchants and service providers who work with credit card information?
Mike is an information security manager at TechRise Solutions. The company has been experiencing an increase in security incidents, and senior management is concerned about the security posture of the organization. They have asked Mike to take proactive measures to strengthen the company's security culture. What should be Mike's primary role in enhancing the security awareness and training at TechRise Solutions?
Colin would like to implement a security control in his accounting department that is specifically designed to detect cases of fraud that are able to occur despite the presence of other security controls. Which one of the following controls is best suited to meet Colin's need?
Which one of the following security policy framework components does not contain mandatory guidance for individuals in the organization?
Rachel is the Head of Security at WebCraft Inc. She wants to create both security training and awareness programs. Which statement best captures the difference between these programs?
Allan is developing a document that lists the acceptable mechanisms for securely obtaining remote administrative access to servers in his organization. What type of document is Allan writing?
Which one of the following is not a common use of the NIST Cybersecurity Framework?
Which one of the following items is not normally included in a request for an exception to security policy?