Documentation Practice Test
1. What is the primary purpose of including a glossary in business
requirements documentation?
To provide a summary of the document's content
To familiarize readers with terminology and abbreviations
To outline the functional requirements
To detail the prioritization methods used
2. Which of the following, in the examiner's report, can help our intended
audience wade through any unfamiliar jargon and acronyms?
Forms
Notes
Glossary
All of the Above
3. Which type of audit is a verification that security controls specified are
properly implemented?
Security audit
Compliance audit
4. Which of the following is NOT listed as a vulnerability of merged
networks?
Lack of network monitoring
Misconfigured devices
Social Engineering
Strong encryption protocols
5. Imagine you are managing a software development project. You have a list
of ten requirements, and after analysis, you categorize them as follows: 5
must have, 3 should have, 2 could have, and none won't have. How would
this prioritization affect your project timeline and resource allocation?
The project will be delayed as all requirements need to be met.
Resources will be focused primarily on must-have requirements,
potentially speeding up the project.
All requirements will be implemented simultaneously, regardless of
priority.
The project will be abandoned due to the high number of must-
have requirements.
6. If a company is merging two networks and wants to mitigate the risks
associated with vulnerabilities, which of the following strategies would be
most effective?
Implementing strong encryption protocols across both networks.
Conducting regular training sessions on social engineering for
employees.
Establishing a comprehensive network monitoring system.
Restricting access to only high-level executives.
7. You have just started a role with a start-up company that has existing
relationships with third-party vendors. During a meeting with the
stakeholders, you are told that they are not worried about risks because
they only do business with "reputable" companies. You convince them to
allow you to conduct a high-level preliminary vendor risk assessment.
Which of the following should be performed as part of an initial
assessment?
Review vendor's business continuity plan, regulatory compliance
activities and breach history.
Review vendor's types of controls, staff training practices and
quality of technology.
Review vendor's remediation practices, maintenance standards and
deletion procedures.
Review vendor's privacy policies, staff training practices and other
types of data collection.
8. A security audit is best defined as what?
A covert series of tests designed to test network authentication,
hosts and perimeter security
A technical assessment that measures how well an organization
uses security policies and controls to protect its information
assets
Employing an intrusion detection system (IDS) to monitor
anomalous traffic on a network segment and logging attempted
break-ins
Hardening systems before deploying them on the corporate
network
9. Requirements documentation will typically contain at least:
Stakeholder requirements, staffing requirements, and transition
requirements.
Business requirements, the stakeholder register, and functional
requirements.
Stakeholder impact, budget requirements, and communications
requirements.
Business objectives, stakeholder impact, and functional
requirements.
10. Which statement is true about Functional Requirement and Non-functional
Requirement?