question

profilejimpop1998
Q6.pdf

2 points

How many days/weeks does an auditee should respond after receiving a draft report from the auditor at the �nal phase of the audit? 

2 points

For a security of�cer, what is the best approach to explain a technical topic to the CEO?

Quiz 6

Purpose

This assignment is intended to assess your ability to manage and measure the security effectiveness of controls.

Overview

This quiz covers Module 6 concepts. It will take about 60 minutes. This is an individual assignment. Make sure to complete all of the module’s reading and preparation before taking the quiz.

2-3 weeks 

5 to 10 business days

1-2 business days

3-4 weeks

Escalate the topic to the CSO.

Explain verbally as fast as possible and then send the details by e-mail.

Translate it by using analogies, stories, and relating to common everyday language.

Allow her to ask questions, and so that try to understand the gaps.

1

2

2 points

Which of the following is a must-have component of a successful security awareness campaign? 

2 points

Which is not requested by an external auditor in a pre-on-site meeting?

2 points

Your company wants to deliver information security messages to all of its employees monthly. Your company also has a limited budget to do this. Which of the following is the best delivery method of the content?

How to access computers

What end-users should do if they recognize or suspect that a security incident has occurred

The conditions in which passwords should be shared

The importance fusing badges 

Entrance, exit, and status meeting locations 

Area hotels and restaurants

Access control policy

Internet access

Online 

Hybrid

Outsourced

Face-to-face

3

4

5

2 points

Audit execution begins _____________

2 points

Which is not true?

2 points

In the most recent audit process, an auditor discovered that one end user within the organization wrote his password to a post-it and placed it in his cubicle where others could see it. Similar �ndings had been reported in the previous audits. Which one is the best approach?

after on-site arrival

after audit planning

before audit planning

before on-site arrival

Training is more formal than awareness.

In awareness, the learner is the recipient of the information.

Awareness is not training.

The purpose of awareness is to build knowledge and skills to facilitate job performance.

DO nothing, because the number of the cases is limited

Urge user to change his password

Inform the managers of the users

Include/emphasize clean desktop policy in the next security awareness training

6

7

8

2 points

What is the role of the audit coordinator?

2 points

Which one is not done in the audit planning phase?

2 points

Which one is correct with the exit conference?

All of them

Perform external audit

Perform internal audit

Respond to requests of auditors

Sending the list of documents to the auditors they requested

Determining scope

Reserving the conference room for the �rst meeting

Designation of an audit coordinator for the IT portion of the audit

All of them are wrong.

It may have lots of potential surprises for the company being audited.

A �nal report has been issued with �ndings.

The external auditor should present all of the �ndings.

9

10

11

2 points

Which one is not a typical end-user awareness vehicle?

2 points

What is the best way to convey your message to a CEO, if time is minimal?

2 points

Which one is wrong for an audit process?

Online quizzes

TV commercials

Security contests

Company newsletter

Elevator speech

Sending a written note

Sending an e-mail

Doing a presentation

It can be done internally or externally.

It is more like a process rather than a project.

It will probably cover the company policies and procedures.

It has �ve phases.

12

13

14

2 points

What does event analysis mean?

2 points

Which one is a good presentation strategy?

2 points

Which of the following is less likely done by an external auditor? 

The starting point of incident response

Analysis of the Incident response activities within a year

Analysis of the logs created by computers

Synonym of incident analysis

Don't mix presentation with audio or video artifacts.

Focus on a few main objectives for the presentation.

Don't let the audience interrupt the presentation by asking questions.

Read the presentation slide by slide.

Interviewing with an end-user about password hygiene practices 

Using a password cracker to check the strength of the passwords

Asking security manager about password policies

Reviewing password policies

15

16

17

2 points

Which is not a desired communication skill for a security of�cer?

2 points

What is the primary purpose of an external audit?

2 points

A security audit interview has three potential areas: Managerial, Technical, and Operational. Which is a correct assignment of areas to the processes within these areas:

Written communication skills

Negotiating skills

Presentation skills

Mind-reading skills

help internal audit department 

maintain customer retention

gain an advantage among competitors

maintain compliance with a regulation

Network monitoring: Technical / Annual assessments: Operational / Risk assessment: Managerial 

Network monitoring: Technical / Asset management: Operational / Annual assessments: Managerial

Logical access: Technical / Annual assessments: Operational / Security Awareness: Managerial

Human resources procedure: Technical / Asset management: Operational / Annual assessments: Managerial

18

19

20