Domain 1

Question 1

A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a _____ control.

Answer 1

Management/Administrative control

Question 2

Which region enacted comprehensive legislation addressing personal privacy in 2016?

Answer 2

European Union

(In 2016, the European Union passed comprehensive legislation addressing personal privacy, deeming it an individual human right)

Question 3

What is the purpose of implementing security controls in the risk management process?

Answer 3

To mitigate the risk to an acceptable level

Question 4

If a pickpocket is a threat, what would be their attack vector?

Answer 4

Their technique and approach

Question 5

What term is used to refer to information that, when combined with other pieces of data, significantly narrows the possibility of association with more individuals?

Answer 5

Personally Identifiable Information (PII)

Question 5

How do companies that offer identity theft insurance manage their own financial risk?

Answer 5

By calculating premium payments against potential payouts

Question 6

What potential risk can occur when a remote worker’s laptop is left unattended or unlocked?

Answer 6

Accidental introduction of unauthorized software with malware

Question 7

Multifactor authentication involves using two or more instances of different authentication factors.

Which of the following are considered a widely accepted factor for authentication?

Question 8

While taking the certification exam for this certification, you notice another candidate for the certification cheating.

What should you do?

Answer 8

Report the candidate to ISC2

Question 9

In the United States, which act governs the privacy of medical information?

Answer 9

HIPAA

Question 10

What is an “asset” in the context of risk management terminology?

Answer 10

Something in need of protection

Question 11

Who is responsible for determining risk tolerance in an organization?

Question 12

What action is suggested to mitigate the risk associated with a threat?

Answer 12

Evaluate the likelihood of the event and take appropriate actions to mitigate the risk

Question 13

Which regulation grants data protection and control to individuals within the EU, regardless of citizenship?

Answer 13

General Data Protection Regulation (GDPR)

Question 14

What role might security professionals play in risk assessment at a system level?

Answer 14

Assisting in risk assessment at a system level

Question 15

Who is responsible for identifying risks within an organization?

Answer 15

Employees at all levels of the organization

Question 16

Procedures are

Answer 16

the detailed steps
to complete a task that support
departmental or organizational policies

Question 17

Policies are

Answer 17

put in place by organizational
governance, such as executive
management, to provide guidance
in all activities to ensure that the
organization supports industry
standards and regulations

Question 18

Standards are

Answer 18

often used by governance
teams to provide a framework to
introduce policies and procedures
in support of regulations

Question 19

Regulations are

Answer 19

commonly issued
in the form of laws, usually from
government (not to be confused with
governance) and typically carry financial
penalties for non-compliance