15 Questions
What control can Alyssa put in place to protect against the risk of outdated content in her organization’s security awareness program?
Content reviews
In Gavin's report to management, what term best describes the current level of risk to the organization after adopting security controls?
Residual risk
Which law governs the actions that Francine must take regarding the copyright claim she received?
Digital Millennium Copyright Act
What law governs the actions that Francine must take regarding the copyright claim she received?
Digital Millennium Copyright Act
Which law governs actions related to copyright claims for online service providers?
Digital Millennium Copyright Act
What is the term for the level of risk remaining after security controls have been implemented?
Residual risk
Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
The right to be forgotten
After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
Transfer
Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?
Student identification number
Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?
Personal liability rule
Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: 'Advance and protect the profession.' Who may bring ethics charges against Henry for this violation?
Any certified or licensed professional may bring charges.
Wanda is working with one of her organization’s European Union business partners to facilitate the exchange of customer information. Wanda’s organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?
Standard contractual clauses
Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?
GLBA
Tim’s organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?
FISMA
Chris is advising travelers from his organization who will be visiting many different countries. What is a potential concern that Chris should advise the travelers about regarding cybersecurity?
Increased risk of identity theft
Test your knowledge of security awareness programs and risk assessment in the context of Security and Risk Management (Domain 1). Answer questions related to protecting against outdated content in a security awareness program and identifying the results of a risk assessment report.