Cybersecurity Management I - Strategic -
C727 UCertify Practice Test (A)
You are your organization's security administrator. You need to ensure that your
organization's data is accurate and secure. Which security objective should you
implement?
Confidentiality and integrity
What are the core security objectives for the protection of information assets?
Confidentiality, integrity, and availability
Question 3 :What does sending data across an insecure network, such as the
Internet, primarily affect?
Question 3 :Confidentiality and integrity
For which security objective(s) should system owners and data owners be
accountable?
availability, integrity, and confidentiality
Question 5 :What is the designation of an employee who is responsible for
maintaining and protecting information?
Data custodian BECAUSE they do the following:
Maintaining activity records
Verifying data accuracy and reliability
Backing up and restoring data regularly
Which role is a strategic role that helps to develop policies, standards, and
guidelines and ensures the security elements are implemented properly?
Security analyst
______________approves data classes and alters the classes as needs arise. This
role must ensure that appropriate security controls and user access rights are in
place.
The data owner
__________ creates new user accounts and passwords, implements security
software, and tests patches and software components. This role is more
functional in nature as compared to the security analyst role.
The security administrator
You have been asked to design a security program. Which approach should you
use?
Top-down approach
___________ occurs when the IT department has to implement a security program
without top management's initiation or support. This approach is less effective
than the top-down approach.
A bottom-up approach
Question 8 :Which security framework acts as a model for IT governance and
focuses more on operational goals?
Question 8 :
COBIT
,___________________ is a security framework that acts as a model for corporate
governance and focuses more on strategic goals. The COSO framework is made
up of the following components:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
_____________________is a standard that provides recommendations on
enterprise security. The domains covered in ISO 17799 are as follows:
Information security policy for the organization
Creation of information security infrastructure
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management
Compliance
International Standards Organization (ISO) 17799
Question 9 :Which term indicates that a company has taken reasonable measures
to protect its confidential information and employees?
Due care
Due care implies that a company assumes responsibility for the actions taking place
within the organization by taking reasonable measures to prevent security breaches and
to protect information assets and employees. Due care also ensures minimum damage
and loss of information and individuals in the event of an intrusion because the
countermeasures are already in place
____________ is performed by the company before the standards for due care are
set. Due diligence implies that the company investigates and determines the
possible vulnerabilities and risks associated with the information assets and
employee network of the company.
Due diligence
Question 10 :What should be the role of the management in developing an
information security program?
It is mandatory.
During a recent security audit, auditors note that the network administrator also
acts as the company's security administrator. They suggest that the security
administrator duties be given to another individual. Which task should NOT be
transferred to the new security administrator?
Software upgrade deployment
, Question 12 :Which role is delegated to personnel of the IT department and is
responsible for maintaining the integrity and security of the data?
Data custodian BECAUSE they are responsible for the following:
Maintaining records of activity
Verifying the accuracy and reliability of the data
Backing up and restoring data on a regular basis
__________ is responsible for maintaining and protecting one or more data
processing systems. The role primarily includes integration of the required
security features into the applications and a purchase decision of the
applications. This person also ensures that the remote access control, password
management, and operation system configurations provide the necessary
security
The system owner
Which business role must ensure that all operations fit within the business
goals?
business/mission owner
____________ is typically part of management. The data owner controls the
process of defining IT service levels, provides information during the review of
controls, and is responsible for authorizing the enforcement of security controls
to protect the information assets of the organization
The data owner
8)
You have been hired as a security contractor for a small manufacturing company.
The company currently uses a discretionary access control (DAC) model. What
individual is primarily responsible for determining access control in this
company?
8)
data owner
Which statement is true of the chief security officer's (CSO's) role in an
organization?
This role should be self-governing and independent of all the other departments in the
organization.
Question 18 :You have been asked to identify organizational goals for use in
developing an organizational security model. Which type of goals are daily goals?
operational goals
__________ are a generic term used to address all of the goals of an organization.
Each goal of the organization is classified as operational, tactical, or strategic in
nature.
Organizational goals
____________ are long-term goals. They look farther into the future than
operational and tactical goals, and take much longer to plan and implement.T
Strategic goals
C727 UCertify Practice Test (A)
You are your organization's security administrator. You need to ensure that your
organization's data is accurate and secure. Which security objective should you
implement?
Confidentiality and integrity
What are the core security objectives for the protection of information assets?
Confidentiality, integrity, and availability
Question 3 :What does sending data across an insecure network, such as the
Internet, primarily affect?
Question 3 :Confidentiality and integrity
For which security objective(s) should system owners and data owners be
accountable?
availability, integrity, and confidentiality
Question 5 :What is the designation of an employee who is responsible for
maintaining and protecting information?
Data custodian BECAUSE they do the following:
Maintaining activity records
Verifying data accuracy and reliability
Backing up and restoring data regularly
Which role is a strategic role that helps to develop policies, standards, and
guidelines and ensures the security elements are implemented properly?
Security analyst
______________approves data classes and alters the classes as needs arise. This
role must ensure that appropriate security controls and user access rights are in
place.
The data owner
__________ creates new user accounts and passwords, implements security
software, and tests patches and software components. This role is more
functional in nature as compared to the security analyst role.
The security administrator
You have been asked to design a security program. Which approach should you
use?
Top-down approach
___________ occurs when the IT department has to implement a security program
without top management's initiation or support. This approach is less effective
than the top-down approach.
A bottom-up approach
Question 8 :Which security framework acts as a model for IT governance and
focuses more on operational goals?
Question 8 :
COBIT
,___________________ is a security framework that acts as a model for corporate
governance and focuses more on strategic goals. The COSO framework is made
up of the following components:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
_____________________is a standard that provides recommendations on
enterprise security. The domains covered in ISO 17799 are as follows:
Information security policy for the organization
Creation of information security infrastructure
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management
Compliance
International Standards Organization (ISO) 17799
Question 9 :Which term indicates that a company has taken reasonable measures
to protect its confidential information and employees?
Due care
Due care implies that a company assumes responsibility for the actions taking place
within the organization by taking reasonable measures to prevent security breaches and
to protect information assets and employees. Due care also ensures minimum damage
and loss of information and individuals in the event of an intrusion because the
countermeasures are already in place
____________ is performed by the company before the standards for due care are
set. Due diligence implies that the company investigates and determines the
possible vulnerabilities and risks associated with the information assets and
employee network of the company.
Due diligence
Question 10 :What should be the role of the management in developing an
information security program?
It is mandatory.
During a recent security audit, auditors note that the network administrator also
acts as the company's security administrator. They suggest that the security
administrator duties be given to another individual. Which task should NOT be
transferred to the new security administrator?
Software upgrade deployment
, Question 12 :Which role is delegated to personnel of the IT department and is
responsible for maintaining the integrity and security of the data?
Data custodian BECAUSE they are responsible for the following:
Maintaining records of activity
Verifying the accuracy and reliability of the data
Backing up and restoring data on a regular basis
__________ is responsible for maintaining and protecting one or more data
processing systems. The role primarily includes integration of the required
security features into the applications and a purchase decision of the
applications. This person also ensures that the remote access control, password
management, and operation system configurations provide the necessary
security
The system owner
Which business role must ensure that all operations fit within the business
goals?
business/mission owner
____________ is typically part of management. The data owner controls the
process of defining IT service levels, provides information during the review of
controls, and is responsible for authorizing the enforcement of security controls
to protect the information assets of the organization
The data owner
8)
You have been hired as a security contractor for a small manufacturing company.
The company currently uses a discretionary access control (DAC) model. What
individual is primarily responsible for determining access control in this
company?
8)
data owner
Which statement is true of the chief security officer's (CSO's) role in an
organization?
This role should be self-governing and independent of all the other departments in the
organization.
Question 18 :You have been asked to identify organizational goals for use in
developing an organizational security model. Which type of goals are daily goals?
operational goals
__________ are a generic term used to address all of the goals of an organization.
Each goal of the organization is classified as operational, tactical, or strategic in
nature.
Organizational goals
____________ are long-term goals. They look farther into the future than
operational and tactical goals, and take much longer to plan and implement.T
Strategic goals
