Q1. A well executed risk analysis provides a great deal of useful information. A risk analysis has four main objectives. What is not one of the four main objectives of a risk analysis?

A. Identifying assets and their value

B. Determining the costs of threats

C. Establishing a balance between the costs of an incident and the costs of a security measure

D. Determining relevant vulnerabilities and threats

View Answer

Q2. What is the relationship between data and information?

A. Data is structured information.

B. Information is the meaning and value assigned to a collection of data.

View Answer

Q3. Your company is in the news as a result of an unfortunate action by one of your employees. The

phones are ringing off the hook with customers wanting to cancel their contracts. What do we call this type of damage?

A. Direct damage

B. Indirect damage

View Answer

Q4. What is the relationship between data and information?

A. Data is structured information.

B. Information is the meaning and value assigned to a collection of data.

View Answer

Q5. Some threats are caused directly by people, others have a natural cause. What is an example of an intentional human threat?

A. Lightning strike

B. Arson

C. Flood

D. Loss of a USB stick

View Answer

Q6. Who is authorized to change the classification of a document?

A. The author of the document

B. The administrator of the document

C. The owner of the document

D. The manager of the owner of the document

View Answer

Q7. The Information Security Manager (ISM) at Smith Consultants Inc. introduces the following measures to assure information security:

- The security requirements for the network are specified.

- A test environment is set up for the purpose of testing reports coming from the database.

- The various employee functions are assigned corresponding access rights.

- RFID access passes are introduced for the building. Which one of these measures is not a technical measure?

A. The specification of requirements for the network

B. Setting up a test environment

C. Introducing a logical access policy

D. Introducing RFID access passes

View Answer

Q8. What is the objective of classifying information?

A. Authorizing the use of an information system

B. Creating a label that indicates how confidential the information is

C. Defining different levels of sensitivity into which information may be arranged

D. Displaying on the document who is permitted access

View Answer

Q9. You own a small company in a remote industrial areA. Lately, the alarm regularly goes off in the middle of the night. It takes quite a bit of time to respond to it and it seems to be a false alarm every time. You decide to set up a hidden camerA. What is such a measure called?

A. Detective measure

B. Preventive measure

C. Repressive measure

View Answer

Q10. What is the definition of the Annual Loss Expectancy?

A. The Annual Loss Expectancy is the amount of damage that can occur as a result of an incident

during the year.

B. The Annual Loss Expectancy is the size of the damage claims resulting from not having carried out risk analyses effectively.

C. The Annual Loss Expectancy is the average damage calculated by insurance companies for

businesses in a country.

D. The Annual Loss Expectancy is the minimum amount for which an organization must insure

itself.

View Answer