Question 1

With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that the boards provide strategic oversight regarding information and information security, include these four things:

Options :

A : Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information and how it is used, endorsement by the board of directors

B : Annual security training for all employees, continual budget reviews, endorsement of the development and implementation of a security program, metrics to track the program

C : Understanding criticality of information and information security, review investment in information security, endorse development and implementation of a security program, and require regular reports on adequacy and effectiveness

D : Endorsement by the board of directors for security program, metrics of security program milestones, annual budget review, report on integration and acceptance of program

Answer: C

Question 2

A security manager regualrly checks work areas after buisness hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

Options :

A : Audit validation

B : Physical control testing

C : Compliance management

D : Security awareness training

Answer: C

Question 3

As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

Options :

A : Nothing, this falls outside your area of influence.

B : Close and chain the door shut and send a company-wide memo banning the practice.

C : Have a risk assessment performed.

D : Post a guard at the door to maintain physical security

Answer: C

Question 4

What does RACI stand for?

Options :

A : Reasonable, Actionable, Controlled, and Implemented

B : Responsible, Actors, Consult, and Instigate

C : Responsible, Accountable, Consulted, and Informed

D : Review, Act, Communicate, and Inform

Answer: C

Question 5

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and

uses the special card in order to access the restricted area of the target company. Just as the employee opens

the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so

that he can enter. What is the best way to undermine the social engineering activity of tailgating?

Options :

A : Post a sign that states, ''no tailgating'' next to the special card reader adjacent to the secure door

B :

Issue special cards to access secure doors at the company and provide a one-time only brief description of

use of the special card

C : Educate and enforce physical security policies of the company to all the employees on a regular basis

D : Setup a mock video camera next to the special card reader adjacent to the secure door

Answer: C