Question 1

Which of the following elements ensures a policy is enforceable?&#10;A) Compliance can be measured.&#10;B) Appropriate sanctions are applied when the policy is violated.&#10;C) Appropriate administrative, technical, and physical controls are put in place to support the policy.&#10;D) All of the above

Accepted Answer

All of the options listed are essential for ensuring a policy is enforceable. Measuring compliance, applying sanctions for violations, and supporting the policy with appropriate controls are all critical elements.

Question 2

FERPA protects which of the following?&#10;A) Medical records&#10;B) Educational records&#10;C) Personally identifiable information&#10;D) Financial records

Accepted Answer

FERPA (Family Educational Rights and Privacy Act) specifically protects the privacy of student educational records.

Question 3

Which of the following is an example of an information asset?&#10;A) Business plans&#10;B) Employee records&#10;C) Company reputation&#10;D) All of the above

Accepted Answer

All the options listed (business plans, employee records, and company reputation) are examples of information assets as they hold value and are critical to the organization's operations and decision-making processes.

Question 4

Policy implementation and enforcement are part of which of the following phases of the cybersecurity policy life cycle?&#10;A) Develop&#10;B) Review&#10;C) Adopt&#10;D) Publish

Accepted Answer

Policy implementation and enforcement occur during the Adopt phase, where policies are put into action and compliance is ensured.

Question 5

Which of the following is the correct order of the policy life cycle?&#10;A) Review, develop, adopt, publish&#10;B) Develop, publish, adopt, review&#10;C) Publish, develop, review, adopt&#10;D) Review, adopt, develop, publish

Accepted Answer

The correct order of the policy life cycle typically starts with developing the policy, then publishing it so that it is accessible, followed by adopting it into practice, and finally reviewing it periodically to ensure it remains relevant and effective.

Question 6

Endorsed is one of the seven policy characteristics. Which of the following statements best describes endorsed?&#10;A) The policy is supported by management.&#10;B) The policy is accepted by the organization's employees.&#10;C) The policy is mandatory; compliance is measured; and appropriate sanctions are applied.&#10;D) The policy is regulated by the government.

Accepted Answer

Endorsed means that the policy has the support of management, indicating that it is officially approved or sanctioned by the leadership of the organization.

Question 7

Which of the following is the outcome of policy review?&#10;A) Retirement or renewal&#10;B) Retirement or reauthorization&#10;C) Renewal or reauthorization&#10;D) None of the above

Accepted Answer

Policy review can lead to either the retirement of a policy if it is deemed no longer relevant or necessary, or reauthorization if it is still considered useful and relevant.

Question 8

How often should policies be reviewed?&#10;A) Monthly&#10;B) Twice a year&#10;C) Annually&#10;D) Never

Accepted Answer

Policies should be reviewed annually to ensure they remain relevant and effective in light of any changes in the organization, technology, laws, or industry standards.

Question 9

Which of the following statements is not true?&#10;A) Policies should require only what is possible.&#10;B) Policies that are no longer applicable should be retired.&#10;C) All guiding principles and corporate cultures are good.&#10;D) Guiding principles set the tone for a corporate culture.

Accepted Answer

Not all guiding principles and corporate cultures are inherently good. They can sometimes promote negative behaviors or be misaligned with ethical standards, which contradicts the statement.

Question 10

Which of the following is not one of the tasks of the policy development phase?&#10;A) Approve&#10;B) Write&#10;C) Communicate&#10;D) Authorize

Accepted Answer

Communicate is not a task of the policy development phase but rather a part of the policy implementation phase, where policies are communicated to the relevant stakeholders. The development phase typically involves writing, approving, and authorizing the policy.

Question 11

The United States Department of Homeland Security defines how many critical infrastructure sectors?&#10;A) 16&#10;B) 14&#10;C) 20&#10;D) 17

Accepted Answer

The answer of The United States Department of Homeland Security...

Question 12

Which of the following is the seminal tool used to protect both our critical infrastructure and our individual liberties?&#10;A) Information security&#10;B) Society&#10;C) Physical security&#10;D) Policy

Accepted Answer

The answer of Which of the following is the seminal...

Question 13

Which of the following can be defined as the shared attitudes, goals, and practices that characterize a company, corporation, or institution?&#10;A) Regulations&#10;B) Corporate culture&#10;C) Cybersecurity policy&#10;D) Guiding principles

Accepted Answer

The answer of Which of the following can be defined...

Question 14

Which of the following is a collection of articles and amendments that provide a framework for the American government and define citizens' rights?&#10;A) The Constitution&#10;B) The Torah&#10;C) Data Protection Act&#10;D) Consumer Credit Act

Accepted Answer

The answer of Which of the following is a collection...

Question 15

Which layer in the defense-in-depth strategy includes firewalls, IDS/IPS devices, segmentation, and VLANs?&#10;A) Physical security&#10;B) Network security&#10;C) Perimeter security&#10;D) Application security

Accepted Answer

The answer of Which layer in the defense-in-depth strategy includes...

Question 16

Which of the following is another term for statutory law?&#10;A) Legislation&#10;B) Regulation&#10;C) Policy&#10;D) Governance

Accepted Answer

The answer of Which of the following is another term...

Question 17

Which of the following federal legislations, also known as the Financial Modernization Act of 1999, was created to reform and modernize the banking industry by eliminating existing barriers between banking and commerce?

A) HITECH
B) HIPAA
C) FERPA
D) GLBA

Accepted Answer

The answer of Which of the following federal legislations, also...

Question 18

Which major regulation entity within the European Union (EU) was created to maintain a single standard for data protection among all member states in the EU?&#10;A) Directive on Security of Network and Information Systems (the NIS Directive)&#10;B) EU General Data Protection Regulation (GDPR)&#10;C) European Union Agency for Network and Information Security (ENISA)&#10;D) The Consumer Credit Regulations 2010

Accepted Answer

The answer of Which major regulation entity within the European...

Question 19

Which key task in the policy development phase requires the authors to consult with internal and external experts, including legal counsel, human resources, compliance, cybersecurity and technology professionals, auditors, and regulators?

A) Writing
B) Authorizing
C) Vetting
D) Planning

Accepted Answer

The answer of Which key task in the policy development...

Question 20

Which key task in the policy adoption phase is the busiest and most challenging task of all?&#10;A) Implementation&#10;B) Enforcement&#10;C) Monitoring&#10;D) Education

Accepted Answer

The answer of Which key task in the policy adoption...

Deck 1: Understanding Cybersecurity Policy and Governance