Information Security Governance Flashcards

1
Q

Which CIA security pillar often uses encryption?

  • Availability
  • Auditing
  • Integrity
  • Confidentiality
A

Confidentiality

2
Q

Which chain of custody step deals with user sign-in and sign-out logs?

  • Transfer
  • Collection
  • Storage
  • Access
A

Access

3
Q

Which password policy setting best protects against dictionary password attacks?

  • Account lockout
  • Password expiry
  • Password length
  • Password history
A

Account lockout

4
Q

Which body normally approves or rejects change requests?

  • Chief Financial Officer (CFO)
  • Change Advisory Board (CAB)
  • Chief Executive Officer (CEO)
  • Configuration Advisory Board (CAB)
A

Change Advisory Board (CAB)

5
Q

Which type of network connection is commonly used to link offices together without going over the Internet?

  • Site-to-site VPN
  • IPv6
  • Dedicated network circuit
  • User-to-site VPN
A

Dedicated network circuit

6
Q

Which SLA attribute relates the most closely to business continuity?

  • Service location availability
  • Service uptime
  • Service costs
  • Service credits
A

Service uptime

7
Q

Which strategy best defines the benefit of a Business Model for Information Security (BMIS)?

  • Aligning business objectives with security design
  • Periodic review of security control efficacy
  • Reduced IT security costs
  • Ensuring employee security awareness
A

Aligning business objectives with security design

8
Q

How does configuration management differ from change management?

  • Change management keeps systems performance at a desired level over time, configuration management is short-term
  • Configuration management keeps systems performance at a desired level over time, change management is short-term
  • Configuration management applies solely to security controls, change management applies to long-term system desired performance
  • Change management keeps systems performance above a specified level over time, configuration management is short-term
A

Configuration management keeps systems performance at a desired level over time, change management is short-term

9
Q

Which strategy should be employed to modify organizational culture to increase security awareness?

  • Gap analysis
  • BMIS
  • COBIT
  • Asset valuation
A

Gap analysis

10
Q

Which model treats internal and external threats equally?

  • BMIS
  • Zero-trust
  • Zero-day
  • COBIT
A

Zero-trust

11
Q

What is COBIT used for?

  • Risk management
  • Software coding pipelines
  • Financial auditing
  • Compliance with GDPR
A

Risk management

12
Q

Which term describes information that can be traced back to an individual?

  • IP
  • PII
  • DSS
  • PCI
A

PII

13
Q

Which term describes the process of defining the current and desired states of a system and outlines the pathway to achieve the desired state?

  • COBIT
  • Change management
  • Gap analysis
  • Configuration management
A

Gap analysis

14
Q

You are budgeting the next year’s cloud computing costs. Which type of expense is this?

  • Operating expense
  • Capital expense
  • Long-term expense
  • Short-term expense
A

Operating expense
