1.4.2 Governance and Compliance Quiz Answers
1.4.2 Governance and Compliance Quiz. Cyber Threat Management Module 1 Quiz Answers
1. Which of the following principles is used by the U.S. government in its access control models?
- Job rotation
- Separation of duties
- Need to know
- Mandatory vacations
2. An organization has experienced several incidents involving employees downloading unauthorized software and using unauthorized websites and personal USB devices. What measures could the organization implement to manage these threats? (Choose three correct answers)
- Implement disciplinary action
- Monitor all employee activity
- Disable USB access
- Provide security awareness training
- Use content filtering
- Run computers from a central server rather than localized hard drives
3. The ability to carry out highly specialized review and evaluation of incoming cybersecurity information to determine if it is useful for intelligence is covered in what category of the National Cybersecurity Workforce Framework?
- Protect and defend
- Oversight and development
- Security provision
4. What act protects the personal information of students in schools?
5. Match the data governance role to the correct function.
6. Cybersecurity professionals may have access to sensitive data. What one factor should they understand to help them make informed ethical decisions in relation to this data?
- Partnerships with third parties
- Laws governing the data
- A potential bonus
- Cloud provider agreements
7. Which of the following frameworks identifies controls based on the latest information about common cyber attacks and provides benchmarks for various platforms?
- The National Cybersecurity Workforce
8. What law protects the privacy of an employee’s personal information from being shared with third parties?
- PCI DSS
9. What federal law would an individual be subject to if they knowingly accessed a government computer without permission?
10. What do penetration tests and red team exercises achieve?
- They simulate attacks to gauge the security capabilities of an organization.
- They provide audit controls for all NetBIOS connections made.
- They provide a list of malware that has successfully penetrated the firewall.
- They provide audit trails for all TCP connections in place at any given time.
11. What is the function of the Cloud Security Alliance (CSA)?
- It provides security guidance to any organization that uses cloud computing.
- It audits the CIA Triad objectives.
- It produces a statement of applicability (SOA) which stipulates control objectives and audit controls to be implemented.
- It ensures total compliance with the ISO 27000 standards.
12. What is the primary goal of IT security governance?
- To provide oversight to ensure that risks are adequately mitigated
- To define a set of controls that an organization should implement
- To make decisions to mitigate risk
- To provide a set of policies and procedures to manage sensitive data