Question 1

From an information security perspective, information that no longer supports the main purpose of the business should be:

Accepted Answer

Information that no longer supports the main purpose of the business should be analyzed under the retention policy to determine if it should be archived or disposed of, ensuring compliance with legal and business requirements.

Question 2

The single most important consideration to make when developing your security program, policies, and processes is:

Accepted Answer

Alignment with the business is crucial because security programs must support the organization's goals and objectives to be effective and sustainable.

Question 3

The FIRST step in establishing a security governance program is to?

Accepted Answer

Obtaining senior level sponsorship is crucial as it ensures that the security governance program has the necessary support and resources from the top management, which is essential for its success and alignment with organizational goals.

Question 4

An organization's Information Security Policy is of MOST importance because_____________.

Accepted Answer

An Information Security Policy is crucial as it communicates management's commitment to protecting information resources, setting the tone and direction for the organization's security posture.

Question 5

A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions. This activity BEST demonstrates what part of a security program?

Accepted Answer

The answer of A security manager regularly checks work areas...

Question 6

An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

Accepted Answer

Data breach disclosure laws require organizations to notify affected individuals and entities when their personal information has been compromised in a security breach.

Question 7

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

Accepted Answer

Containment is the first step in reacting to an incident to prevent further damage and limit the spread of the incident.

Question 8

When briefing senior management on the creation of a governance process, the MOST important aspect should be:

Accepted Answer

Linkage to business area objectives is crucial because it ensures that the governance process aligns with the organization's goals and priorities, making it relevant and effective for senior management.

Question 9

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

Accepted Answer

Aligning security goals with business goals ensures that security initiatives are relevant and supported by the organization, fostering a culture that values and integrates security into its core operations.

Question 10

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

Accepted Answer

A formal risk management process helps an organization to better understand the risks associated with using PII data, enabling them to implement appropriate measures to protect it and ensure compliance with relevant laws and regulations.

Question 11

What is the relationship between information protection and regulatory compliance?

Accepted Answer

Regulatory compliance often mandates the protection of specific types of information, such as personal data, while other information like trade secrets is protected based on business needs.

Question 12

In accordance with best practices and international standards, how often is security awareness training provided to employees of an organization?

Accepted Answer

Security awareness training is typically provided every 12 months to ensure employees are up-to-date with the latest security practices and threats.

Question 13

When dealing with a risk management process, asset classification is important because it will impact the overall:

Accepted Answer

Asset classification impacts risk treatment as it helps prioritize resources and strategies based on the value and importance of assets, influencing how risks are managed and mitigated.

Question 14

Which of the following is a benefit of information security governance?

Accepted Answer

Information security governance helps in reducing the potential for civil and legal liability by ensuring that security policies and procedures are in place to protect sensitive data and comply with legal and regulatory requirements.

Question 15

One of the MAIN goals of a Business Continuity Plan is to_______________.

Accepted Answer

A Business Continuity Plan primarily aims to provide step-by-step plans to recover business processes in the event of a disaster, ensuring that critical functions can continue or resume quickly.

Question 16

Who in the organization determines access to information?

Accepted Answer

The Data Owner is responsible for determining who has access to specific information within an organization, as they are accountable for the data's integrity, security, and proper use.

Question 17

An organization has defined a set of standard security controls. This organization has also defined the circumstances and conditions in which they must be applied. What is the NEXT logical step in applying the controls in the organization?

Accepted Answer

An asset classification is the next logical step in applying the controls in the organization because it helps to identify the assets that are most critical to the organization and need to be protected.

Question 18

Which of the following should be determined while defining risk management strategies?

Accepted Answer

Organizational objectives and risk tolerance are the foundation for defining risk management strategies.

Question 19

A method to transfer risk is to______________.

Accepted Answer

Purchasing breach insurance is a method to transfer risk by shifting the financial burden of a potential breach to an insurance company.

Question 20

The PRIMARY objective of security awareness is to:

Accepted Answer

The primary objective of security awareness is to encourage security-conscious behavior among employees, helping them understand the importance of security and how to protect organizational assets.

Exam 2: Certified Network Defender