Information Security Governance and Risk Management Practice Test Questions

Information Security Governance and Risk Management

Question 1
Which is not a type of security control?
Restrictive
Preventative
Corrective
Deterrent
Question 2
Which is not a stage of the System Life Cycle?
Disposal
Prototyping
Development
Implementation
Question 3
What type of policy requires responsibilities to be shared between multiple people so that no one malicious person can act alone?
Acceptable Use Policy
Separation of Duties Policy
Due Care Policy
Need-to-Know Policy
Question 4
What is the Exposure Factor in Risk Management?
Percent of loss of an asset given a specific threat
Level of risk present in a system
Remaining risk after mitigating controls have been applied
Total time required for mitigating a vulnerability
Question 5
Of the following, which would be the most effective way of increasing security awareness?
Incentives for security-related accomplishments
Increased funding for security policy development
Continuous employee internet usage monitoring
Deploying additional monitoring devices
Question 6
Administrative Assistants and Secretaries are particularly vulnerable to what type of attack?
Email viruses
Social engineering
Password guessing
Blackmail
Question 7
What does the "C" in the AIC triad stand for?
Correction
Certification
Caution
Confidentiality
Question 8
In terms of Qualitative Risk Analysis, how is Exposure determined?
Threat x Risk
Risk x Potential
Vulnerability x Probability
Probability x Severity
Question 9
Which of the following is not an option when managing risk?
Accept
Mitigate
Avoid
Ignore
Question 10
Which of the following is NOT a Security Posture Assessment Methodology?
Octave
FITSAF
IAM
FIPS
Question 11
What does the "A" in the AIC triad stand for?
Availability
Accountability
Authorization
Authentication
Question 12
The responsibilities of an Information Security Officer include all of the following except:
Understanding the threats to the organization
Creating the overall mission statement
Preparing a budget for Information Security
Tracking security-related metrics
Question 13
Who is responsible for communicating with Senior Management about security issues?
Information Security Officers
Project Managers
Directors
System Administrators
There are 13 questions to complete.

Comments

  1. Hina Naz says:

    Good one…!!! need more tests..

  2. Thanks for the comment Hina, I’m working on more tests!
