Study Flashcards

A set of security tests and evaluations that simulate attacks by a malicious external source is known as ____________.


A)  vulnerability assessment
B)  penetration testing
C)  exploit identification
D)  safeguard neutralization

E) All of the above
F) C) and D)

Internal and external stakeholders such as customers, suppliers, or employees who interact with the information in support of their organization's planning and operations are known as ____________.


A)  data owners
B)  data custodians
C)  data users
D)  data generators

E) C) and D)
F) B) and C)

Enterprise risk management is a valuable approach that can better align security functions with the business mission while offering opportunities to lower costs.

A) True
B) False

In which phase of the SecSDLC does the risk management task occur? 


A)  physical design
B)  implementation 
C)  investigation
D)  analysis

E) B) and C)
F) A) and B)

In which model of the SecSDLC does the work product from each phase fall into the next phase to serve as its starting point?


A)  modular continuous
B)  elementary cyclical 
C)  time-boxed circular
D)  traditional waterfall

E) B) and D)
F) All of the above

According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?


A)  Initiating
B)  Establishing 
C)  Acting
D)  Learning

E) C) and D)
F) None of the above

Which of the following set the direction and scope of the security process and provide detailed instruction for its conduct? 


A)  system controls
B)  technical controls 
C)  operational controls
D)  managerial controls

E) B) and C)
F) C) and D)

Which of the following is an information security governance responsibility of the Chief Security Officer? 


A)  Communicate policies and the program 
B)  Set security policy, procedures, programs and training 
C)  Brief the board, customers and the public 
D)  Implement policy, report security vulnerabilities and breaches

E) None of the above
F) All of the above

Which type of planning is used to organize the ongoing, day-to-day performance of tasks?


A)  Strategic
B)  Tactical 
C)  Organizational
D)  Operational

E) A) and B)
F) All of the above

The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.

A) True
B) False

A project manager who understands project management, personnel management, and InfoSec technical requirements is needed to fill the role of a(n) ____________.


A)  champion
B)  end user
C)  team leader
D)  policy developer

E) A) and D)
F) A) and C)

Penetration testing is often conducted by penetration testers - consultants or outsourced contractors who might be referred to as red teams.

A) True
B) False
