11.1.5 Practice Questions Flashcards
Question 1.
A nationwide company realizes its current standardized approach to security is not working. The different company business units need more autonomy and the ability to make decisions that meet their local needs and priorities.
What type of security governance should they follow?
answer
Governance committees
Data protection authorities
Decentralized security governance
Centralized security governance
Correct Answer:
Decentralized security governance
Question 2.
A multinational company discovered its existing cybersecurity policies were no longer adequate due to evolving cybersecurity threats and updated industry regulations.
The board of directors, comprising high-ranking executives, decided to review and revise the policies.
Who should the company involve in this process?
answer
Data processor
Governance committee
Regulatory agency
Data custodian
Correct Answer:
Governance committee
Question 3.
Your organization is implementing a new data governance model. You are tasked with assigning roles to various team members.
One of your colleagues is responsible for processing personal data on behalf of the controller, based on the controller’s instructions.
Which data governance role BEST fits this colleague’s responsibilities?
answer
Processor
Controller
Owner
Custodian
Correct Answer:
Processor
Question 4.
A newly hired chief information security officer (CISO) is implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
What first function would help the CISO better develop the company’s security policies, such as acceptable use policy (AUP), and build out recommendations for security controls?
answer
Protect
Identify
Detect
Respond
Correct Answer:
Identify
Question 5.
A large technology company has recently experienced a significant system failure due to a cyberattack. The chief information security officer (CISO) is conducting a post-incident review to identify ways to improve the organization’s resilience and recovery capabilities.
The CISO wants to focus on strategies that could have prevented the system downtime or minimized its duration and impact.
From a resilience and recovery standpoint in security architecture and continuity of operations planning (COOP), which of the following strategies would the CISO MOST likely recommend implementing to enhance the organization’s ability to prevent or quickly recover from similar incidents in the future? (Select two.)
answer
-Implement a detailed incident response plan
-Establish a redundant data center
-Invest in a stronger firewall system
-Expand the IT team with more developers
-Establish strong password policies and standards
Correct Answer:
Implement a detailed incident response plan
Correct Answer:
Establish a redundant data center
Question 6.
A nonprofit organization is working to create an integrated strategy that responds to potential disasters and ensures the continuation of essential functions across various scenarios, including budget constraints and prolonged disruptions.
Which approach would BEST address these multifaceted requirements?
answer
Deploy a cold site.
Establish a COOP.
Implement a hot site.
Set up a warm site.
Correct Answer:
Establish a COOP.
Question 7.
A company merged with another company and is reviewing and combining both companies’ procedures for incident response.
What should the joined companies have at the end of this preparation phase?
answer
Incident response plan
Communication plan
Incident response lifecycle
Playbook
Correct Answer:
Incident response plan
Question 8.
A large multinational company adopts a new standard to enhance its information security management system. The company operates across different regions, so the chosen standard must be internationally recognized.
The company wants the standard to provide a comprehensive framework to ensure adequate and proportionate security controls.
Which of the following standards would be MOST suitable for the company’s needs?
answer
ISO/IEC 27001
ISO/IEC 27018
PCI DSS
NIST Special Publication 800-63
Correct Answer:
ISO/IEC 27001
Question 9.
As a security analyst at a large company, you are tasked with reviewing and improving the company’s password security measures.
Currently, the company uses a simple hashing algorithm to store passwords. You are considering four options to enhance password security.
Which of the following would be the MOST effective method to implement?
answer
Implement password complexity requirements
Implement password salting
Increase the minimum password length requirement
Implement a password expiration policy
Correct Answer:
Implement password salting
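The following is an added example, not part of the original flashcard set, showing why salting is the answer to Question 9: with a plain unsalted hash, two users who chose the same password get the same stored value, and one precomputed table cracks every account at once; a per-user random salt removes both weaknesses while verification still works. The user names, passwords and wordlist are constructed sample data, and the use of PBKDF2 as the salted hash is an assumption that goes beyond the question (it adds a slow key derivation, which the question does not ask for).

```python
import hashlib
import hmac
import os

# Constructed sample credentials (not real data): alice and bob chose the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "correct horse"}

# Constructed attacker wordlist for the precomputed-table check.
WORDLIST = ["password", "123456", "Summer2024!", "letmein"]


def unsalted_hash(password):
    """The 'simple hashing' the question describes: one SHA-256 over the password."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt=None, iterations=200_000):
    """Salted storage. A fresh 16-byte random salt is generated per user and stored
    in the record next to the digest, so it never has to be secret.
    PBKDF2-HMAC-SHA256 is an assumption for this example; the question only asks for salting."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_salted(password, stored):
    """Recompute with the salt and iteration count stored in the record, then compare
    in constant time so a timing side channel does not leak digest prefixes."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def duplicate_password_users(store):
    """Users whose stored value equals another user's. With unsalted hashes this
    reveals shared passwords without cracking anything; with salts it finds nothing."""
    seen = {}
    dups = set()
    for user, value in store.items():
        if value in seen:
            dups.update({user, seen[value]})
        else:
            seen[value] = user
    return dups


def precomputed_lookup_hits(store, wordlist):
    """Attacker's precomputed table: one unsalted hash per candidate word is compared
    against every stored value at once. Returns {user: recovered_password}."""
    table = {unsalted_hash(word): word for word in wordlist}
    return {user: table[value] for user, value in store.items() if value in table}


def build_unsalted_store():
    return {user: unsalted_hash(pw) for user, pw in USERS.items()}


def build_salted_store():
    return {user: salted_hash(pw) for user, pw in USERS.items()}


if __name__ == "__main__":
    unsalted = build_unsalted_store()
    salted = build_salted_store()
    print("shared passwords visible (unsalted):", duplicate_password_users(unsalted))
    print("shared passwords visible (salted):  ", duplicate_password_users(salted))
    print("wordlist table hits (unsalted):", precomputed_lookup_hits(unsalted, WORDLIST))
    print("alice verifies with salted store:", verify_salted("Summer2024!", salted["alice"]))
```

Run it and the unsalted store exposes alice and bob as sharing a password and yields both of them to a four-word precomputed table, while the salted store shows no duplicates and each record must be attacked individually, yet legitimate logins still verify.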
Question 10.
As a security manager at a financial institution, you are reviewing the company’s access control measures. You have identified potential areas of improvement and are considering four options to enhance access control security.
Which of the following would be the MOST effective method to implement?
answer
Increase password complexity requirements
Implement a two-factor authentication
Implement biometric authentication
Improve session management
Correct Answer:
Improve session management