Exam Question 31
Changes to project-managed applications or databases should undergo the change control process as documented.
A. True
B. False
Correct Answer:
A. True
Exam Question 32
Who is authorized to change the classification of a document?
A. The author of the document
B. The administrator of the document
C. The owner of the document
D. The manager of the owner of the document
Correct Answer:
C. The owner of the document
Exam Question 33
All are prohibited in acceptable use of information assets, except:
A. Electronic chain letters
B. E-mail copies to non-essential readers
C. Company-wide e-mails with supervisor/TL permission.
D. Messages with very large attachments or to a large number of recipients.
Correct Answer:
C. Company-wide e-mails with supervisor/TL permission.
Exam Question 34
You are the lead auditor of the courier company SpeeDelivery. You have carried out a risk analysis and now want to determine your risk strategy. You decide to take measures for the large risks but not for the small risks.
What is this risk strategy called?
A. Risk bearing
B. Risk avoidance
C. Risk neutral
D. Risk skipping
Correct Answer:
A. Risk bearing
Exam Question 35
A hacker gains access to a web server and reads the credit card numbers stored on that server. Which security principle is violated?
A. Availability
B. Confidentiality
C. Integrity
D. Authenticity
Correct Answer:
B. Confidentiality
Exam Question 36
What is the goal of classification of information?
A. To create a manual about how to handle mobile devices
B. Applying labels making the information easier to recognize
C. Structuring information according to its sensitivity
Correct Answer:
C. Structuring information according to its sensitivity
Exam Question 37
A hacker gains access to a webserver and can view a file on the server containing credit card numbers.
Which of the Confidentiality, Integrity, Availability (CIA) principles of the credit card file are violated?
A. Availability
B. Confidentiality
C. Integrity
D. Compliance
Correct Answer:
B. Confidentiality
Exam Question 38
What type of measure involves the stopping of possible consequences of security incidents?
A. Corrective
B. Detective
C. Repressive
D. Preventive
Correct Answer:
C. Repressive
Exam Question 39
Which department maintains contacts with law enforcement authorities, regulatory bodies, information service providers and telecommunications service providers, depending on the service required?
A. COO
B. CISO
C. CSM
D. MRO
Correct Answer:
B. CISO
Exam Question 40
What type of system ensures a coherent Information Security organisation?
A. Federal Information Security Management Act (FISMA)
B. Information Technology Service Management System (ITSM)
C. Information Security Management System (ISMS)
D. Information Exchange Data System (IEDS)
Correct Answer:
C. Information Security Management System (ISMS)