Comprehensive Assessment on Information
Security Practices and Risk Management
Multiple Answer
1 point
Question 1 is unpinned. Click to pin.
Question at position 1
Which of the following examples, whether it represents a threat, risk, or neither, could or should
be included in a security awareness program at an organization? Select two.
Enforce a password that includes at least eight upper- and lowercase, special, and numeric
characters.
Displaying warning signs at an airport to use your own charging block when charging your
device.
Inserting a USB flash drive a student left behind in a classroom to help identify the owner.
Use computer-based training to deliver instruction because it is considered the best means of
training.
Receiving a call from the president of the company urgently requesting a forgotten password.
Question at position 2
2
Multiple Choice
1 point
Question 2 is unpinned. Click to pin.
Question at position 2
A company wants to implement a security awareness training program that includes sending
certain types of emails to help keep track of the extent to which employees are behaving like
human firewalls. They also want to rotate the different types of messages based on job
description and include links to online games in some of the messages. What type of training
should they include?
Phishing simulations
Gamification
Computer-based training
Role-based awareness training
Question at position 3
, 3
Multiple Choice
1 point
Question 3 is unpinned. Click to pin.
Question at position 3
An independent contractor offers services providing practical and tangible security training to
adults in various organizations. The training program includes a heavy hands-on component and
makes provision for applying concepts based on questions presented by attendees. Which of the
following statements are true regarding this mode of instruction?
The instructor uses a pedagogical approach that will benefit kinesthetic learners.
The instructor uses an andragogical approach that will benefit kinesthetic learners.
The instructor uses an andragogical approach that will benefit auditory learners.
The instructor uses an andragogical approach that will benefit visual learners.
The instructor uses a pedagogical approach that will benefit visual learners.
The instructor uses a pedagogical approach that will benefit auditory learners.
Question at position 4
4
Multiple Answer
1 point
Question 4 is unpinned. Click to pin.
Question at position 4
Artemis visits a supplier to participate in a vendor monitoring effort to help reduce the risks
associated with third parties. Which of the following are most likely to be included in the
agenda? Select three.
Review the quarterly questionnaire about their supply-chain security protections.
Audit the results of their penetration testing.
Evaluate steps in the supply chain.
Ensure the memorandum of understanding can be legally enforced.
Review evidence of internal audits.
Question at position 5
5
Multiple Answer
1 point
Question 5 is unpinned. Click to pin.
Security Practices and Risk Management
Multiple Answer
1 point
Question 1 is unpinned. Click to pin.
Question at position 1
Which of the following examples, whether it represents a threat, risk, or neither, could or should
be included in a security awareness program at an organization? Select two.
Enforce a password that includes at least eight upper- and lowercase, special, and numeric
characters.
Displaying warning signs at an airport to use your own charging block when charging your
device.
Inserting a USB flash drive a student left behind in a classroom to help identify the owner.
Use computer-based training to deliver instruction because it is considered the best means of
training.
Receiving a call from the president of the company urgently requesting a forgotten password.
Question at position 2
2
Multiple Choice
1 point
Question 2 is unpinned. Click to pin.
Question at position 2
A company wants to implement a security awareness training program that includes sending
certain types of emails to help keep track of the extent to which employees are behaving like
human firewalls. They also want to rotate the different types of messages based on job
description and include links to online games in some of the messages. What type of training
should they include?
Phishing simulations
Gamification
Computer-based training
Role-based awareness training
Question at position 3
, 3
Multiple Choice
1 point
Question 3 is unpinned. Click to pin.
Question at position 3
An independent contractor offers services providing practical and tangible security training to
adults in various organizations. The training program includes a heavy hands-on component and
makes provision for applying concepts based on questions presented by attendees. Which of the
following statements are true regarding this mode of instruction?
The instructor uses a pedagogical approach that will benefit kinesthetic learners.
The instructor uses an andragogical approach that will benefit kinesthetic learners.
The instructor uses an andragogical approach that will benefit auditory learners.
The instructor uses an andragogical approach that will benefit visual learners.
The instructor uses a pedagogical approach that will benefit visual learners.
The instructor uses a pedagogical approach that will benefit auditory learners.
Question at position 4
4
Multiple Answer
1 point
Question 4 is unpinned. Click to pin.
Question at position 4
Artemis visits a supplier to participate in a vendor monitoring effort to help reduce the risks
associated with third parties. Which of the following are most likely to be included in the
agenda? Select three.
Review the quarterly questionnaire about their supply-chain security protections.
Audit the results of their penetration testing.
Evaluate steps in the supply chain.
Ensure the memorandum of understanding can be legally enforced.
Review evidence of internal audits.
Question at position 5
5
Multiple Answer
1 point
Question 5 is unpinned. Click to pin.
