Q1. When assessing an organization's security policy according to standards established by the International Organization for Standardization (ISO) 27001 and 27002, when can management responsibilities be defined?
- A: Only when assets are clearly defined
- B: Only when standards are defined
- C: Only when controls are put in place
- D: Only when procedures are defined
Q2. Which of the following types of technologies would be the MOST cost-effective method to provide a reactive control for protecting personnel in public areas?
- A: Install mantraps at the building entrances
- B: Enclose the personnel entry area with polycarbonate plastic
- C: Supply a duress alarm for personnel exposed to the public
- D: Hire a guard to protect the public area
Q3. An important principle of defense in depth is that achieving information security requires a balanced focus on which PRIMARY elements?
- A: Development, testing, and deployment
- B: Prevention, detection, and remediation
- C: People, technology, and operations
- D: Certification, accreditation, and monitoring
Q4. Intellectual property rights are PRIMARILY concerned with which of the following?
- A: Owner's ability to realize financial gain
- B: Owner's ability to maintain copyright
- C: Right of the owner to enjoy their creation
- D: Right of the owner to control delivery method
Q5. A control to protect from a Denial-of-Service (DoS) attack has been determined to stop 50% of attacks, and additionally reduces the impact of an attack by 50%. What is the residual risk?
- A: 25%
- B: 50%
- C: 75%
- D: 100%
Q6. In the Open Systems Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
- A: Physical Layer
- B: Application Layer
- C: Data-Link Layer
- D: Network Layer
Q7. What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
- A: Smurfing
- B: Man-in-the-Middle (MITM) attack
- C: Session redirect
- D: Spoofing
Q8. Which of the following entails identification of data and links to business processes, applications, and data stores, as well as assignment of ownership responsibilities?
- A: Security governance
- B: Risk management
- C: Security portfolio management
- D: Risk assessment
Q9. Which of the following mandates the amount and complexity of security controls applied to a security risk?
- A: Security vulnerabilities
- B: Risk tolerance
- C: Risk mitigation
- D: Security staff
Q10. In a data classification scheme, the data is owned by the
- A: system security managers
- B: business managers
- C: Information Technology (IT) managers
- D: end users