Cybersecurity Management I - Strategic - C727 UCertify Practice Test (A)
Seller: LectDan
You are your organization's security administrator. You need to ensure that your
organization's data is accurate and secure. Which security objective should you
implement?
Confidentiality and integrity
What are the core security objectives for the protection of information assets?
Confidentiality, integrity, and availability
Question 3: What does sending data across an insecure network, such as the
Internet, primarily affect?
Confidentiality and integrity
For which security objective(s) should system owners and data owners be
accountable?
availability, integrity, and confidentiality
Question 5: What is the designation of an employee who is responsible for
maintaining and protecting information?
Data custodian BECAUSE they do the following:
Maintaining activity records
Verifying data accuracy and reliability
Backing up and restoring data regularly
Which role is a strategic role that helps to develop policies, standards, and
guidelines and ensures the security elements are implemented properly?
Security analyst
______________ approves data classes and alters the classes as needs arise. This
role must ensure that appropriate security controls and user access rights are in
place.
The data owner
__________ creates new user accounts and passwords, implements security
software, and tests patches and software components. This role is more
functional in nature as compared to the security analyst role.
The security administrator
You have been asked to design a security program. Which approach should you
use?
Top-down approach
___________ occurs when the IT department has to implement a security program
without top management's initiation or support. This approach is less effective
than the top-down approach.
A bottom-up approach
Question 8: Which security framework acts as a model for IT governance and
focuses more on operational goals?
COBIT
___________________ is a security framework that acts as a model for corporate
governance and focuses more on strategic goals. The COSO framework is made
up of the following components:
Control Environment
Risk Assessment
Control Activities
Information and Communication
Monitoring
The Committee of Sponsoring Organizations of the Treadway Commission (COSO)
_____________________ is a standard that provides recommendations on
enterprise security. The domains covered in ISO 17799 are as follows:
Information security policy for the organization
Creation of information security infrastructure
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
System development and maintenance
Business continuity management
Compliance
International Standards Organization (ISO) 17799
Question 9: Which term indicates that a company has taken reasonable measures
to protect its confidential information and employees?
Due care
Due care implies that a company assumes responsibility for the actions taking place
within the organization by taking reasonable measures to prevent security breaches and
to protect information assets and employees. Due care also ensures minimum damage
and loss of information and individuals in the event of an intrusion because the
countermeasures are already in place.
____________ is performed by the company before the standards for due care are
set. Due diligence implies that the company investigates and determines the
possible vulnerabilities and risks associated with the information assets and
employee network of the company.
Due diligence
Question 10: What should be the role of the management in developing an
information security program?
It is mandatory.
During a recent security audit, auditors note that the network administrator also
acts as the company's security administrator. They suggest that the security
administrator duties be given to another individual. Which task should NOT be
transferred to the new security administrator?
Software upgrade deployment
Question 12: Which role is delegated to personnel of the IT department and is
responsible for maintaining the integrity and security of the data?
Data custodian BECAUSE they are responsible for the following:
Maintaining records of activity
Verifying the accuracy and reliability of the data
Backing up and restoring data on a regular basis
__________ is responsible for maintaining and protecting one or more data
processing systems. The role primarily includes integration of the required
security features into the applications and a purchase decision of the
applications. This person also ensures that the remote access control, password
management, and operating system configurations provide the necessary
security.
The system owner
Which business role must ensure that all operations fit within the business
goals?
business/mission owner
____________ is typically part of management. The data owner controls the
process of defining IT service levels, provides information during the review of
controls, and is responsible for authorizing the enforcement of security controls
to protect the information assets of the organization.
The data owner
You have been hired as a security contractor for a small manufacturing company.
The company currently uses a discretionary access control (DAC) model. What
individual is primarily responsible for determining access control in this
company?
data owner
Which statement is true of the chief security officer's (CSO's) role in an
organization?
This role should be self-governing and independent of all the other departments in the
organization.
Question 18: You have been asked to identify organizational goals for use in
developing an organizational security model. Which type of goals are daily goals?
operational goals
__________ are a generic term used to address all of the goals of an organization.
Each goal of the organization is classified as operational, tactical, or strategic in
nature.
Organizational goals
____________ are long-term goals. They look farther into the future than
operational and tactical goals, and take much longer to plan and implement.
Strategic goals