Chap 1 - Information & Security Environment Flashcards

1
Q

The purpose of a copyright is to protect

A

The expression of ideas

2
Q

Ethical obligations to society include

A

Duty to principals

3
Q

An organization is developing a new product using sound project management principles. These principles should ensure that:

A

All changes to the project are formally reviewed and approved

4
Q

The purpose of a baseline is to:

A

Create a standard configuration for all equipment on the network

5
Q

The difference between awareness and training is:

A

Awareness should be provided to all staff not just IT

6
Q

To whom or what should a Chief Security Officer (CSO) report according to best practices?

A

As high up in the organization as possible to maintain visibility for Information security and limit the inaccurate translation of messages as they move through organizational management levels.

7
Q

The Organization for Economic Cooperation and Development (OECD) has generated and published a set of 8 principles for personal privacy. Which of the following is NOT one of these 8 principles?

A

Right to be Forgotten Principle (this right comes from the GDPR, not from the OECD principles)

8
Q

A CISSP candidate signs his or her agreement to the ISC2 Code of Ethics statement. Which of the following would violate this Code and could cause the candidate to lose his or her certification?

A

Retaining customer information from previous penetration tests

9
Q

All but which of the following items requires awareness for all individuals affected?

A

The backup mechanism used to retain email messages

10
Q

Which of the following is the most important and distinctive concept in relation to layered security?

A

Series

11
Q

Which of the following is a primary purpose of an exit interview?

A

To review the nondisclosure agreement

12
Q

Which of the following represents accidental or intentional exploitations of vulnerabilities?

A

Threat events

13
Q

What is the term used to describe the responsibility of a firm’s officers and directors to ensure that adequate measures are in place to minimize the effect of a disaster on the organization’s continued viability?

A

Due diligence

14
Q

Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs?

A

Copyright

15
Q

FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used?

A

Notice

The Notice principle says that organizations must inform individuals of the information the organization collects about individuals and how the organization will use it.

16
Q

In 1991, the federal sentencing guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule?

A

Prudent man rule

17
Q

Which one of the following control categories does not accurately describe a fence around a facility?

A

A. Physical (marked correct)

Other options: B. Detective, C. Deterrent, D. Preventive

18
Q

James is conducting a risk assessment for his organization and is attempting to assign an asset value to the servers in his data centre. The organization’s primary concern is ensuring that it has sufficient funds available to rebuild the data centre in the event it is damaged or destroyed. Which one of the following asset valuation methods would be most appropriate in this situation?

A

Replacement cost

19
Q

What is data portability?

A

The right of a data subject to move personal data from one data controller to another.

20
Q

What 1996 agreement governs the import and export of cryptographic technology?

A

The Wassenaar Arrangement

21
Q

What are the key security roles (people)?

A
  1. senior management
  2. security professionals
  3. asset owner
  4. custodian
  5. user
  6. auditors

22
Q

What are the basic secure design principles?

A
  1. least privilege
  2. defense in depth
  3. secure defaults
  4. fail securely
  5. separation of duties
  6. keep it simple
  7. trust, but verify
  8. zero trust
  9. privacy by design
  10. shared responsibility

23
Q

What are the 8 OECD privacy principles?

A
  1. collection limitation
  2. data quality
  3. purpose specification
  4. use limitation
  5. security safeguards
  6. openness
  7. individual participation
  8. accountability

24
Q

What are the four canons of the (ISC)2 Code of Ethics?

A
  1. protect society, the common good, necessary public trust and confidence and the infrastructure
  2. act honorably, honestly, justly, responsibly and legally
  3. provide diligent and competent service to principals
  4. advance and protect the profession