
Question 1

Complete
Mark 1.00 out of 1.00
Question text
Which of the following is not a part of risk analysis?
Select one:
a. Choose the best countermeasure
b. Identify risks
c. Quantify the impact of potential threats
d. Provide an economic balance between the impact of the risk and the cost of the
associated countermeasures

Question 4
Complete
Mark 1.00 out of 1.00
Question text
What is the BEST method for mitigating against network denial of service (DoS) attacks?
Select one:
a. Ensure all servers are up-to-date on OS patches
b. Employ packet filtering to drop suspect packets
c. Implement load balancing for Internet facing devices
d. Implement network address translation to make internal addresses nonroutable

Question 5
Complete
Mark 1.00 out of 1.00
Question text
You work in the office of a large company. You receive a call from a person claiming to be
from the Helpdesk. He asks you for your password. What kind of threat is this?
Select one:
a. Natural threat
b. Social Engineering
c. Organizational threat

Question 6
Complete
Mark 1.00 out of 1.00
Question text
Most computer attacks result in violation of which of the following security properties?
Select one:
a. All of the choices
b. Confidentiality
c. Integrity and control
d. Availability

Question 8
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is not one of the outcomes of a vulnerability analysis?
Select one:
a. Formal approval of BCP scope and initiation document
b. Defining critical support areas
c. Qualitative loss assessment
d. Quantitative loss assessment

Question 9
Complete
Mark 1.00 out of 1.00
Question text
A new worm has been released on the Internet. After investigation, you have not been able to
determine if you are at risk of exposure. Management is concerned as they have heard that a
number of their counterparts are being affected by the worm. How could you determine if
you are at risk?
Select one:
a. Contact your anti-virus vendor
b. Discuss threat with a peer in another organization
c. Evaluate evolving environment.
d. Wait for notification from an anti-virus vendor

Question 10
Complete
Mark 1.00 out of 1.00
Question text
Which of the following is a key area of the ISO 27001 framework?
Select one:
a. Operational risk assessment
b. Financial crime metrics
c. Business continuity management
d. Capacity management

Question 15
Complete
Mark 1.00 out of 1.00
Question text
Making sure that the data is accessible when and where it is needed is which of the
following?
Select one:
a. Integrity
b. Confidentiality
c. Availability
d. Acceptability

Question 16
Complete
Mark 1.00 out of 1.00
Question text
Which of the following choices is NOT part of a security policy?
Select one:
a. definition of general and specific responsibilities for information security management
b. description of specific technologies used in the field of information security
c. statement of management intent, supporting the goals and principles of information
security
d. definition of overall steps of information security and the importance of security

Question 17
Complete
Mark 1.00 out of 1.00
Question text
Security is a process that is:
Select one:
a. Abnormal
b. Examined
c. Indicative
d. Continuous

Question 18
Complete
Mark 1.00 out of 1.00
Question text
Information security is the protection of data. Information will be protected mainly based
on:
Select one:
a. Its value
b. Its confidentiality
c. All of the choices
d. Its sensitivity to the company

Question 23
Complete
Mark 1.00 out of 1.00
Question text
The computer room is protected by a pass reader. Only the System Management department
has a pass. What type of security measure is this?
Select one:
a. a physical security measure
b. a repressive security measure
c. a logical security measure
d. a corrective security measure

Question 24
Complete
Mark 1.00 out of 1.00
Question text
Why is it necessary to keep a disaster recovery plan up to date and to test it regularly?
Select one:
a. Because otherwise, in the event of a far-reaching disruption, the measures taken and
the incident procedures planned may not be adequate or may be outdated.
b. In order to be able to cope with daily occurring faults.
c. In order to always have access to recent backups that are located outside the office.
d. Because this is required by Personal Data Protection legislation.

Started on: Wednesday, 14 January 2015, 5:00 PM
State: Finished
Completed on: Wednesday, 14 January 2015, 5:18 PM
Time taken: 18 mins 1 sec
Overdue: 3 mins 1 sec
Marks: 9.00/25.00
Grade: 36.00 out of 100.00

Question 1
Complete
Mark 1.00 out of 1.00
Question text
Which of the following would be the first step in establishing an
information security
program?
Select one:
a. Development and implementation of an information security
standards manual
b. Adoption of a corporate information security policy
statement
c. Purchase of security access control software
d. Development of a security awareness-training program
Question 2
Complete
Mark 0.00 out of 1.00
Question text
You are the owner of the courier company SpeeDelivery. You
employ a few people who, while waiting to make a delivery, can
carry out other tasks. You notice, however, that they use this
time to send and read their private mail and surf the Internet.
In legal terms, in which way can the use of the Internet and email facilities be best regulated?
Select one:
a. Installing an application that makes certain websites no
longer accessible and that filters attachments in e-mails
b. Drafting a code of conduct for the use of the Internet and email in which the rights and obligations of both the employer
and staff are set down
c. Installing a virus scanner
d. Implementing privacy regulations
Question 3
Complete
Mark 0.00 out of 1.00
Question text
Who must bear the primary responsibility for determining the
level of protection needed
for information systems resources?
Select one:
a. IS Security Specialists
b. Senior Management
c. System Auditors
d. Senior Security Analysts

Question 4
Complete
Mark 0.00 out of 1.00
Question text
Within the organizational environment, the security function
should report to an organizational level that
Select one:
a. Provides the internal audit function
b. Is an external operation
c. Has information technology oversight
d. Has autonomy from other levels
Question 5
Complete
Mark 0.00 out of 1.00
Question text
Under which condition is an employer permitted to check if
Internet and e-mail services in the workplace are being used for
private purposes?
Select one:
a. The employer is permitted to check this if a firewall is also
installed.
b. The employer is permitted to check this if the employees are
aware that this could happen.
c. The employer is permitted to check this if the employee is
informed after each instance of checking.
Question 6
Complete
Mark 0.00 out of 1.00
Question text
Strong authentication is needed to access highly protected
areas. In case of strong authentication the identity of a person
is verified by using three factors. Which factor is verified when
we must show our access pass?
Select one:
a. something you are
b. something you know
c. something you have
Question 7
Complete
Mark 1.00 out of 1.00
Question text
Organizations develop change control procedures to ensure
that
Select one:
a. Management is advised of changes made to systems
b. Changes are controlled by the Policy Control Board (PCB)
c. All changes are requested, scheduled, and completed on
time
d. All changes are authorized, tested, and recorded
Question 8
Complete
Mark 1.00 out of 1.00
Question text
Which of the following choices is NOT part of a security policy?
Select one:
a. definition of overall steps of information security and the
importance of security
b. definition of general and specific responsibilities for
information security management
c. description of specific technologies used in the field of
information security
d. statement of management intent, supporting the goals and
principles of information security
Question 9
Complete
Mark 1.00 out of 1.00
Question text
What is the BEST method for mitigating against network denial
of service (DoS) attacks?
Select one:
a. Employ packet filtering to drop suspect packets
b. Ensure all servers are up-to-date on OS patches
c. Implement load balancing for Internet facing devices
d. Implement network address translation to make internal
addresses nonroutable
Question 10
Complete
Mark 1.00 out of 1.00
Question text
On the basis of which legislation can someone request to
inspect the data that has been registered about him or her?
Select one:
a. Personal data protection legislation
b. Computer criminality legislation
c. Public records legislation
d. Government information (public access) legislation
Question 11
Complete
Mark 1.00 out of 1.00
Question text
A security incident regarding a webserver is reported to a
helpdesk employee. His colleague has more experience on
webservers, so he transfers the case to her. Which term
describes this transfer?
Select one:
a. Functional escalation
b. Hierarchical escalation
Question 12
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is the MAIN goal of a security
awareness program when addressing senior management?
Select one:
a. Provide a vehicle for communicating security procedures
b. Provide a clear understanding of potential risk and exposure
c. Provide a forum for disclosing exposure and risk analysis
d. Provide a forum to communicate user responsibilities
Question 13
Complete
Mark 1.00 out of 1.00
Question text
Which of the following describes elements that create reliability
and stability in networks
and systems and which assures that connectivity is accessible
when needed?
Select one:
a. Availability
b. Acceptability
c. Integrity
d. Confidentiality

Question 14
Complete
Mark 0.00 out of 1.00
Question text
Which of the following is the MOST relevant metric to include in
an information security quarterly report to the executive
committee?
Select one:
a. Security compliant servers trend report
b. Number of security patches applied
c. Security patches applied trend report
d. Percentage of security compliant servers
Question 15
Complete
Mark 1.00 out of 1.00
Question text
You work in the IT department of a medium-sized company.
Confidential information has come into the wrong hands several
times. This has hurt the image of the company. You have been
asked to propose organizational security measures for laptops
at your company. What is the first step that you should take?
Select one:
a. Formulate a policy regarding mobile media (PDAs, laptops,
smartphones, USB sticks)
b. Set up an access control policy
c. Encrypt the hard disks of laptops and USB sticks
d. Appoint security personnel
Question 16
Not answered
Marked out of 1.00
Question text
Which of the following embodies all the detailed actions that
personnel are required to
follow?
Select one:
a. Procedures
b. Guidelines
c. Standards
d. Baselines
Question 17
Not answered
Marked out of 1.00
Question text
Most computer attacks result in violation of which of the
following security properties?
Select one:
a. Availability
b. Confidentiality
c. All of the choices
d. Integrity and control
Question 18
Not answered
Marked out of 1.00
Question text
What is the purpose of risk management?
Select one:
a. To determine the probability that a certain risk will occur.
b. To determine the damage caused by possible security
incidents.
c. To outline the threats to which IT resources are exposed.
d. To implement measures to reduce risks to an acceptable
level.
Question 19
Not answered
Marked out of 1.00
Question text
Which of the following are objectives of an information systems
security program?
Select one:
a. Threats, vulnerabilities, and risks
b. Integrity, confidentiality, and availability
c. Authenticity, vulnerabilities, and costs
d. Security, information value, and threats
Question 20
Not answered
Marked out of 1.00
Question text
A security policy would include all of the following EXCEPT
Select one:
a. enforcement
b. audit requirements
c. background
d. scope statement
Question 21
Not answered
Marked out of 1.00
Question text
Within an organization the security officer detects that a
workstation of an employee is infected with malicious software.
The malicious software was installed due to a targeted Phishing
attack. Which action is the most beneficial to prevent such
incidents in the future?
Select one:
a. Implementing MAC technology
b. Start a security awareness program
c. Update the firewall rules
d. Update the signatures of the spam filter
Question 22
Not answered
Marked out of 1.00
Question text
In order to take out a fire insurance policy, an administration
office must determine the value of the data that it manages.
Which factor is not important for determining the value of data
for an organization?
Select one:
a. The content of data.
b. The indispensability of data for the business processes.
c. The importance of the business processes that make use of
the data.
d. The degree to which missing, incomplete or incorrect data
can be recovered.
Question 23
Not answered
Marked out of 1.00
Question text
Which of the following is most relevant to determining the
maximum effective cost of
access control?
Select one:
a. management's perceptions regarding data importance
b. the cost to replace lost data
c. the value of information that is protected
d. budget planning related to base versus incremental spending
Question 24
Not answered
Marked out of 1.00
Question text
What is an example of a human threat?
Select one:
a. a lightning strike
b. phishing
c. fire
Question 25
Not answered
Marked out of 1.00
Question text
What is the function of a corporate information security policy?
Select one:
a. Define the main security objectives which must be achieved
and the security framework to meet business objectives
b. Issue corporate standard to be used when addressing
specific security problems
c. Issue guidelines in selecting equipment, configuration,
design, and secure operations
d. Define the specific assets to be protected and identify the
specific tasks which must be completed to secure them

THE PREINEXUS E-TEST

Prei Nexus5
Test area: INFORMATIKA DAN KOMPUTER (Informatics and Computers)
PREI-ETA-005: AHLI KEAMANAN SISTEM INFORMASI (Information System Security Expert)
General Knowledge Proficiency Test B (25 questions, 15 minutes) in English
Started on: Wednesday, 14 January 2015, 3:16 PM
State: Finished
Completed on: Wednesday, 14 January 2015, 3:31 PM
Time taken: 15 mins
Marks: 12.00/25.00
Grade: 48.00 out of 100.00
Question 1
Complete
Mark 1.00 out of 1.00
Developing a successful business case for the acquisition of information security software
products can BEST be assisted by:
Select one:
a. assessing the frequency of incidents.
b. quantifying the cost of control failures.
c. comparing spending against similar organizations.
d. calculating return on investment (ROI) projections.
Question 2
Complete
Mark 1.00 out of 1.00
Risk is commonly expressed as a function of the
Select one:
a. Systems vulnerabilities and the cost to mitigate
b. Likelihood that the harm will occur and its potential impact
c. Computer system-related assets and their costs
d. Types of countermeasures needed and the system's
vulnerabilities
Question 3
Complete
Mark 0.00 out of 1.00
In order to take out a fire insurance policy, an administration office must determine the value of
the data that it manages. Which factor is not important for determining the value of data for an
organization?
Select one:
a. The content of data.
b. The indispensability of data for the business processes.
c. The importance of the business processes that make use of
the data.
d. The degree to which missing, incomplete or incorrect data
can be recovered.
Question 4
Complete
Mark 0.00 out of 1.00
Who is authorized to change the classification of a document?
Select one:
a. The administrator of the document
b. The author of the document
c. The manager of the owner of the document
d. The owner of the document
Question 5
Complete
Mark 1.00 out of 1.00
Organizations develop change control procedures to ensure that
Select one:
a. Changes are controlled by the Policy Control Board (PCB)
b. All changes are authorized, tested, and recorded
c. All changes are requested, scheduled, and completed on
time
d. Management is advised of changes made to systems
Question 6
Complete
Mark 0.00 out of 1.00
Which one of the following is the MOST crucial link in the computer security chain?
Select one:
a. Access Controls
b. Awareness Programs
c. People
d. Management
Question 7
Complete
Mark 1.00 out of 1.00
Which one of the following is not one of the outcomes of a vulnerability analysis?
Select one:
a. Defining critical support areas
b. Formal approval of BCP scope and initiation document
c. Quantitative loss assessment
d. Qualitative loss assessment
Question 8
Complete
Mark 1.00 out of 1.00
In physical security multiple expanding zones (protection rings) can be applied in which different
measures can be taken. What is not a protection ring?
Select one:
a. Outer ring
b. Middle ring
c. Object
d. Building
Question 9
Complete
Mark 0.00 out of 1.00
A desktop computer that was involved in a computer security incident should be secured as
evidence by:
Select one:
a. encrypting local files and uploading exact copies to a secure
server.
b. disconnecting the computer from all power sources.
c. copying all files using the operating system (OS) to write-once media.
d. disabling all local user accounts except for one administrator.
Question 10
Complete
Mark 0.00 out of 1.00
All of the following are basic components of a security policy EXCEPT the
Select one:
a. statement of performance of characteristics and
requirements
b. statement of roles and responsibilities
c. definition of the issue and statement of relevant terms
d. statement of applicability and compliance requirements

Question 11
Complete
Mark 1.00 out of 1.00
Which security measure is a technical measure?
Select one:
a. Creating a policy defining what is and is not allowed in e-mail
b. Storing system management passwords in a safe
c. Allocating information to an owner
d. Encryption of files
Question 12
Complete
Mark 0.00 out of 1.00
When an organization is using an automated tool to manage and house its business continuity
plans, which of the following is the PRIMARY concern?
Select one:
a. Versioning control as plans are modified
b. Ensuring accessibility should a disaster occur
c. Broken hyperlinks to resources stored elsewhere
d. Tracking changes in personnel and plan assets
Question 13
Complete
Mark 1.00 out of 1.00
A security incident regarding a webserver is reported to a helpdesk employee. His colleague has
more experience on webservers, so he transfers the case to her. Which term describes this
transfer?
Select one:
a. Hierarchical escalation
b. Functional escalation
Question 14
Complete
Mark 1.00 out of 1.00
What is a repressive measure in case of a fire?
Select one:
a. Repairing damage caused by the fire
b. Putting out a fire after it has been detected by a fire detector
c. Taking out a fire insurance
Question 15
Complete
Mark 0.00 out of 1.00
Which type of malware builds a network of contaminated computers?
Select one:
a. Spyware
b. Storm Worm or Botnet
c. Trojan
d. Logic Bomb
Question 16
Complete
Mark 0.00 out of 1.00
Which of the following is the MOST relevant metric to include in an information security quarterly
report to the executive committee?
Select one:
a. Percentage of security compliant servers
b. Security compliant servers trend report
c. Security patches applied trend report
d. Number of security patches applied
Question 17
Complete
Mark 1.00 out of 1.00
What is the goal of classification of information?
Select one:
a. To create a manual about how to handle mobile devices
b. Applying labels making the information easier to recognize
c. Structuring information according to its sensitivity
Question 18
Complete
Mark 1.00 out of 1.00
In developing a security awareness program, it is MOST important to
Select one:
a. Understand employees' preferences for information security
b. Know what security awareness products are available
c. Identify weaknesses in line management support
d. Understand the corporate culture and how it will affect
security
Question 19
Complete
Mark 0.00 out of 1.00
When developing an information security policy, what is the FIRST step that should be taken?
Select one:
a. Ensure policy is compliant with current working practices
b. Obtain copies of mandatory regulations
c. Gain management approval
d. Seek acceptance from other departments
Question 20
Complete
Mark 1.00 out of 1.00
A well-executed risk analysis provides a great deal of useful
information. A risk analysis has four
main objectives. What is not one of the four main objectives of
a risk analysis?
Select one:
a. Determining relevant vulnerabilities and threats
b. Implementing countermeasures
c. Identifying assets and their value
d. Establishing a balance between the costs of an incident and
the costs of a security
measure
Question 21
Complete
Mark 0.00 out of 1.00
A couple of years ago you started your company which has now
grown from 1 to 20 employees.
Your company's information is worth more and more and gone
are the days when you could
keep control yourself. You are aware that you have to take
measures, but what should they be?
You hire a consultant who advises you to start with a qualitative
risk analysis. What is a
qualitative risk analysis?
Select one:
a. This analysis is based on scenarios and situations and
produces a subjective view of the
possible threats.
b. This analysis follows a precise statistical probability calculation in order to calculate exact
loss caused by damage.

Question 22
Complete
Mark 0.00 out of 1.00
Which of the following embodies all the detailed actions that personnel are required to
follow?
Select one:
a. Procedures
b. Standards
c. Baselines
d. Guidelines
Question 23
Complete
Mark 0.00 out of 1.00
There was a fire in a branch of the company Midwest Insurance. The fire department quickly
arrived at the scene and could extinguish the fire before it
spread and burned down the entire
premises. The server, however, was destroyed in the fire. The
backup tapes kept in another room
had melted and many other documents were lost for good.
What is an example of the indirect
damage caused by this fire?
Select one:
a. Burned documents
b. Burned computer systems
c. Water damage due to the fire extinguishers
d. Melted backup tapes
Question 24
Complete
Mark 0.00 out of 1.00
Under which condition is an employer permitted to check if Internet and e-mail services in the
workplace are being used for private purposes?
Select one:
a. The employer is permitted to check this if the employees are
aware that this could
happen.
b. The employer is permitted to check this if the employee is informed after each instance of
checking.
c. The employer is permitted to check this if a firewall is also
installed.
Question 25
Complete
Mark 1.00 out of 1.00
What is 'establishing whether someone's identity is correct' called?
Select one:
a. Identification
b. Authentication
c. Authorization
Started on: Wednesday, 14 January 2015, 6:09 PM
State: Finished
Completed on: Wednesday, 14 January 2015, 6:24 PM
Time taken: 15 mins 12 secs
Marks: 19.00/25.00
Grade: 76.00 out of 100.00

Question 1
Complete
Mark 1.00 out of 1.00
Question text
In developing a security awareness program, it is MOST
important to
Select one:
a. Identify weakness in line management support
b. Understand the corporate culture and how it will affect
security
c. Know what security awareness products are available
d. Understand employees preferences for information security
Question 2
Complete
Mark 1.00 out of 1.00
Question text
You work in the office of a large company. You receive a call
from a person claiming to be from the Helpdesk. He asks you
for your password. What kind of threat is this?
Select one:
a. Natural threat
b. Organizational threat
c. Social Engineering
Question 3
Complete
Mark 1.00 out of 1.00
Question text
In order to take out a fire insurance policy, an administration
office must determine the value of the data that it manages.
Which factor is not important for determining the value of data
for an organization?
Select one:
a. The content of data.
b. The indispensability of data for the business processes.
c. The importance of the business processes that make use of
the data.
d. The degree to which missing, incomplete or incorrect data
can be recovered.
Question 4
Complete
Mark 1.00 out of 1.00
Question text
Which of the following would be the first step in establishing an
information security
program?
Select one:
a. Development of a security awareness-training program
b. Purchase of security access control software
c. Development and implementation of an information security
standards manual
d. Adoption of a corporate information security policy
statement
Question 5
Complete
Mark 1.00 out of 1.00
Question text
Under which condition is an employer permitted to check if
Internet and e-mail services in the workplace are being used for
private purposes?
Select one:
a. The employer is permitted to check this if the employees are
aware that this could happen.
b. The employer is permitted to check this if the employee is
informed after each instance of checking.
c. The employer is permitted to check this if a firewall is also
installed.
Question 6
Complete
Mark 1.00 out of 1.00
Question text
Risk is commonly expressed as a function of the
Select one:
a. Likelihood that the harm will occur and its potential impact
b. Computer system-related assets and their costs
c. Systems vulnerabilities and the cost to mitigate
d. Types of countermeasures needed and the system's
vulnerabilities
Question 7
Complete
Mark 1.00 out of 1.00
Question text
The computer room is protected by a pass reader. Only the
System Management department has a pass. What type of
security measure is this?
Select one:
a. a physical security measure
b. a repressive security measure
c. a corrective security measure
d. a logical security measure
Question 8
Complete
Mark 1.00 out of 1.00
Question text
Who is responsible for raising awareness of the need for
adequate funding for risk action plans?
Select one:
a. Business unit management
b. Chief financial officer (CFO)
c. Information security manager
d. Chief information officer (CIO)
Question 9
Complete
Mark 1.00 out of 1.00
Question text
Which of the following embodies all the detailed actions that
personnel are required to
follow?
Select one:
a. Guidelines
b. Baselines
c. Standards
d. Procedures
Question 10
Complete
Mark 1.00 out of 1.00
Question text
A desktop computer that was involved in a computer security
incident should be secured as evidence by:
Select one:
a. disabling all local user accounts except for one administrator.
b. disconnecting the computer from all power sources.
c. copying all files using the operating system (OS) to write-once media.
d. encrypting local files and uploading exact copies to a secure
server.
Question 11
Complete
Mark 1.00 out of 1.00
Question text
Which of the following is not a compensating measure for
access violations?
Select one:
a. Business Continuity Planning
b. Backups
c. Insurance
d. Security awareness
Question 12
Complete
Mark 1.00 out of 1.00
Question text
How is the purpose of information security policy best
described?
Select one:
a. An information security policy provides direction and support
to the management regarding information security.
b. An information security policy provides insight into threats
and the possible consequences.
c. An information security policy documents the analysis of
risks and the search for countermeasures.
d. An information security policy makes the security plan
concrete by providing it with the necessary details.
Question 13
Not answered
Marked out of 1.00
Question text
In an organization, an Information Technology security function
should:
Select one:
a. Be led by a Chief Security Officer and report directly to the
CEO
b. Be a function within the information systems functions of an
organization
c. Be independent but report to the Information Systems
function
d. Report directly to a specialized business unit such as legal,
corporate security or insurance
Question 14
Complete
Mark 1.00 out of 1.00
Question text
A security incident regarding a webserver is reported to a
helpdesk employee. His colleague has more experience on
webservers, so he transfers the case to her. Which term
describes this transfer?
Select one:
a. Hierarchical escalation
b. Functional escalation
Question 15
Complete
Mark 1.00 out of 1.00
Question text
What is the goal of classification of information?
Select one:
a. To create a manual about how to handle mobile devices
b. Structuring information according to its sensitivity
c. Applying labels making the information easier to recognize
Question 16
Complete
Mark 1.00 out of 1.00
Question text
You are the owner of the courier company SpeeDelivery. You
have carried out a risk analysis and now want to determine
your risk strategy. You decide to take measures for the large
risks but not for the small risks. What is this risk strategy
called?
Select one:
a. Risk bearing
b. Risk neutral
c. Risk avoidance
Question 17
Not answered
Marked out of 1.00
Question text
Which of the following is characteristic of decentralized
information security management across a geographically
dispersed organization?
Select one:
a. Better adherence to policies
b. More uniformity in quality of service
c. More savings in total operating costs
d. Better alignment to business unit needs
Question 18
Complete
Mark 0.00 out of 1.00
Question text
When developing an information security policy, what is the
FIRST step that should be taken?
Select one:
a. Gain management approval
b. Seek acceptance from other departments
c. Obtain copies of mandatory regulations
d. Ensure policy is compliant with current working practices
Question 19
Complete
Mark 1.00 out of 1.00
Question text
Organizations develop change control procedures to ensure
that
Select one:
a. Management is advised of changes made to systems
b. All changes are requested, scheduled, and completed on
time
c. Changes are controlled by the Policy Control Board (PCB)
d. All changes are authorized, tested, and recorded
Question 20
Complete
Mark 1.00 out of 1.00
Question text
What is 'establishing whether someone's identity is correct'
called?
Select one:
a. Authorization
b. Authentication
c. Identification
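The question above and Question 6 of the second test (the three authentication factors) use terms that are easy to confuse in practice, so here is an added example, not part of the PREINEXUS test material, that keeps the three steps apart in code: identification is only the claim of a username; authentication proves that claim with two of the three factors, a password as "something you know" and a one-time code from a token or phone as "something you have" (computed with RFC 6238 TOTP; "something you are", a biometric, is not shown); authorization is decided last, from the proven account's roles. The accounts, roles, salt and permission table are constructed sample data, and the shared secret is the RFC 6238 test secret so the one-time codes can be checked against the RFC's published vectors.

```python
"""Identification, authentication (two factors) and authorization as three separate checks.

Added example with constructed sample data; the 20-byte secret is the RFC 6238 test secret.
"""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass
from typing import Optional

PBKDF2_ROUNDS = 100_000


@dataclass(frozen=True)
class Account:
    username: str
    salt: bytes
    pw_hash: bytes        # PBKDF2-HMAC-SHA256 of the password: "something you know"
    totp_secret: bytes    # shared with the user's token or phone: "something you have"
    roles: frozenset


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (HMAC-SHA1, dynamic truncation) over the 30-second counter."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


# Constructed sample directory (one shared TOTP secret for brevity; real tokens get their own).
DEMO_SALT = b"constructed-demo-salt"
DEMO_SECRET = b"12345678901234567890"     # RFC 6238 test secret, ASCII
DIRECTORY = {
    "alice": Account("alice", DEMO_SALT, hash_password("correct horse", DEMO_SALT),
                     DEMO_SECRET, frozenset({"operator"})),
    "bob": Account("bob", DEMO_SALT, hash_password("battery staple", DEMO_SALT),
                   DEMO_SECRET, frozenset({"system_management"})),
}

# Constructed role table: only System Management may enter the computer room.
ROLE_PERMISSIONS = {
    "system_management": {"enter_computer_room", "read_logs"},
    "operator": {"read_logs"},
}


def identify(username: str) -> Optional[Account]:
    """Identification: look up the claimed identity. Nothing is proven yet."""
    return DIRECTORY.get(username)


def authenticate(account: Account, password: str, otp: str, now: Optional[int] = None) -> bool:
    """Authentication: prove the claim with two factors (know + have)."""
    now = int(time.time()) if now is None else now
    know_ok = hmac.compare_digest(hash_password(password, account.salt), account.pw_hash)
    # Accept the previous, current and next 30-second window to tolerate clock drift.
    have_ok = any(hmac.compare_digest(totp(account.totp_secret, now + d).encode(), otp.encode())
                  for d in (-30, 0, 30))
    # Both factors are always evaluated so the response time does not reveal which one failed.
    return know_ok and have_ok


def authorize(account: Account, action: str) -> bool:
    """Authorization: decide what the proven identity may do, from its roles."""
    return any(action in ROLE_PERMISSIONS.get(role, set()) for role in account.roles)


def access(username: str, password: str, otp: str, action: str, now: Optional[int] = None) -> str:
    """Run the three steps in order and report at which step the request stopped."""
    account = identify(username)
    if account is None:
        return "unknown identity"
    if not authenticate(account, password, otp, now):
        return "authentication failed"
    if not authorize(account, action):
        return "not authorized"
    return "granted"


if __name__ == "__main__":
    t = 59  # fixed time from the RFC 6238 test vectors, so the run is reproducible
    print(totp(DEMO_SECRET, t))
    print(access("alice", "correct horse", totp(DEMO_SECRET, t), "read_logs", now=t))
    print(access("alice", "correct horse", totp(DEMO_SECRET, t), "enter_computer_room", now=t))
    print(access("bob", "battery staple", totp(DEMO_SECRET, t), "enter_computer_room", now=t))
```

The distinct return strings exist only to make the three steps visible; a production login would answer "unknown identity" and "authentication failed" with the same generic message so that the response does not confirm which usernames exist.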
Question 21
Not answered
Marked out of 1.00
Question text
When conducting a risk assessment, which one of the following
is NOT an acceptable social engineering practice?
Select one:
a. Misrepresentation
b. Subversion
c. Dumpster diving
d. Shoulder surfing
Question 22
Complete
Mark 1.00 out of 1.00
Question text
When an organization is using an automated tool to manage
and house its business continuity plans, which of the following
is the PRIMARY concern?
Select one:
a. Versioning control as plans are modified
b. Ensuring accessibility should a disaster occur
c. Broken hyperlinks to resources stored elsewhere
d. Tracking changes in personnel and plan assets
Question 23
Not answered
Marked out of 1.00
Question text
Which of the following would be best suited to provide
information during a review of the
controls over the process of defining IT service levels?
Select one:
a. Systems Programmer
b. Legal Staff
c. Business Unit Manager
d. Programmer
Question 24
Not answered
Marked out of 1.00
Question text
Which one of the following risk analysis terms characterizes the
absence or weakness of
risk-reducing safeguard?
Select one:
a. Loss expectancy
b. Probability
c. Vulnerability
d. Threat
Question 25
Complete
Mark 1.00 out of 1.00
Question text
Which one of the following is an important characteristic of an
information security policy?
Select one:
a. Requires the identification of information owners
b. Quantifies the effect of the loss of the information
c. Identifies major functional areas of information
d. Lists applications that support the business function