|Question 1||1 / 1 point|
Which of the following is not a primary goal of an organizational security program?
|a. protect against harm or loss|
|b. detect attempts to cause harm or loss|
|c. react to changes in laws and regulations|
|d. document incidents and responses|
|Question 2||1 / 1 point|
Organizations use _______________________ to ensure the confidentiality, integrity, and availability of information and information systems.
|d. a combination of a, b, and c|
|Question 3||1 / 1 point|
The organization’s security program must support its _______.
|a. profit goals|
|b. business functions and strategies|
|c. product designs|
|d. employee education benefit|
|Question 4||1 / 1 point|
The four types of security provided by an organization-level security program are:
|a. contract, information, personnel, physical|
|b. information, personnel, physical, facilities|
|c. information, personnel, physical, special|
|d. contract, contractor, control systems, confidentiality|
|Question 5||1 / 1 point|
Contingency plans are used to:
|a. prepare for events that might happen but are not certain to happen|
|b. assign personnel to work unplanned overtime|
|c. prepare for changes in laws and regulations that could impact the organization’s security program|
|d. none of the above|
|Question 6||1 / 1 point|
The ________ is in charge of the organization-level security program.
|d. director of IT services|
|Question 7||1 / 1 point|
The ____________ includes security guidance for configuration, testing, and maintenance of information systems.
|Question 8||1 / 1 point|
The ________________ standard provides a framework for the establishment of an organization’s information systems security program.
|c. ISO 27001/27002|
|d. all of the above|
|Question 9||1 / 1 point|
The organization’s security program manual includes all of the following except:
|a. cybersecurity management|
|b. software security management|
|c. hardware security management|
|d. network security management|
|Question 10||5 / 5 points|
A natural disaster has forced your company to shut down operations at its primary data facility. Which contingency plan should you activate and why? Please type your answer in the box below.
CP-10 Information System Recovery and Reconstitution. This plan should be implemented because it provides for recovery and reconstitution of services and information after a disruption has occurred. Before it is enacted, it allows the individual to choose which state the system will return to which ideally means that the individual activating the contingency plan will know what to expect once the system reboots.
The correct answer is not displayed for Long Answer type questions.