The basic outcomes of infosec governance should include all but which of the following?


Question 1:


The basic outcomes of InfoSec governance should include all but which of the following?


A. Value delivery by optimizing InfoSec investments in support of organizational objectives


B. Time management by aligning resources with personnel schedules and organizational objectives


C. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively


D. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved


Question 2:


Organizations like DEWA, ADDC, Dubai Airports, Abu Dhabi Airports are recommended to have a _____ site for disaster recovery and business continuity.


A. Hot site

B. Cold site

C. Cloud storage

D. Warm site


Question 3:


COBIT has four domains. Please select the correct domain for this activity – “The IT staff configured the newly installed firewall at the perimeter of the LAN”.


A. Monitor and evaluate

B. Deliver and support

C. Acquire and implement

D. Plan and organize


Question 4:


The basic outcomes of InfoSec governance should include all but which of the following?


A. Time management by aligning resources with personnel schedules and organizational objectives


B. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved


C. Value delivery by optimizing InfoSec investments in support of organizational objectives


D. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively


Question 5:


You are working as a trainee IT manager and have been asked to create a list of the major components of the ISSP. (Select all three major components)


A. Limitations of Liability

B. Proprietary Uses

C. Violations of Policy

D. Prohibited Uses


Question 6:


While working in the IT department of a medium-sized organization in the UAE, you have been asked to select the two most cost-effective methods for disseminating security information and news to employees. Your choice will be… (Select two)


A. Employee seminars

B. Security poster

C. E-mailed security newsletter

D. Security-themed Web site


Question 7:


As an IT Security Training Manager, you have been asked by your CIO to give her reasons why you chose the formal class method of training. Your two answers will be:


A. Synchronous communication mode

B. Can be scheduled to fit the needs of the trainee

C. Interaction with trainer is possible

D. Self-paced learning method


Question 8:


During the interview for the job of an IS security training manager at a government organization, you have been asked to state the purpose and advantage of a security program to an organization. Your choices will be… (Select three correct answers)


A. Awareness serves to instill a sense of responsibility and purpose in employees who handle and manage information


B. It helps employees to configure the firewall of the company’s server correctly


C. SETA leads employees to care more about their work environment especially when using company workstations


D. A security awareness program which keeps InfoSec at the forefront of users’ minds on a daily basis.


Question 9:


What is necessary for a top-down approach to the implementation of InfoSec to succeed? (Select all three correct answers)


A. For any top-down approach to succeed, high-level management must buy into the effort and provide its full support to all departments


B. The champion will ensure that all grassroots employees have the final say in the final decision-making process of the InfoSec program


C. Such an initiative will have a champion who is an executive with sufficient influence to move the InfoSec project forward


D. The champion will ensure that the InfoSec project is properly managed, and push for its acceptance.


Question 10:


Clause A6.1.2 in ISO27001 refers to “segregation of duties”. This concerns:


A. Ensuring that information security duties are segregated from all other duties and employees doing information security should not do other work


B. Ensuring that tasks are split by function area. For example, there should not be an overlap between Finance tasks and Human Resources tasks


C. Ensuring that information security tasks in an organization are done only by IT and IT security professionals


D. Ensuring that important tasks are split in such a way that more than one person is responsible for their completion

Answer

According to the answering guidelines of Chegg, I have answered only one question, but I have given an explanation to the other 2 also.

Question 1:

Ans. D. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organization objectives are achieved

Question 2:

Ans. A. Hot site, because it is a type of backup facility which is almost similar to the real production centre and has all the facilities such as necessary hardware, network connectivity, and software, which allows us to perform the real-time backup or replication of the critical data.

Question 6:

Ans. Organizing a seminar and an e-mailed newsletter, because they are the most economical way to disseminate the security information without spending any money. While for posters a lump amount of money could have been used, and also in making changes to a security-themed website, the company has to pay the developer for an extra project.
