CISSP Questions

The document contains a series of questions and answers related to risk management and information security concepts. Key topics include residual risk, risk management frameworks, security governance, the distinction between policies and procedures, risk transference, and regulations governing financial data protection. The answers highlight the importance of aligning security efforts with business objectives and understanding the roles of various frameworks and regulations.

5. Which of the following best describes residual risk?

A) Risk that remains after implementing controls
B) Risk that has been completely eliminated
C) Risk that is transferred to a third party
D) The initial risk before controls are applied

Answer: A) Risk that remains after implementing controls

6. Which framework is commonly used for risk management?

A) COBIT
B) ITIL
C) NIST 800-30
D) CMMI

Answer: C) NIST 800-30 (NIST SP 800-30, Guide for Conducting Risk Assessments; COBIT is an IT governance framework, ITIL covers IT service management, and CMMI is a process-maturity model)

7. What is the main goal of security governance?

A) Reduce the number of security incidents to zero
B) Align security efforts with business objectives
C) Ensure strict compliance with all regulations
D) Prevent all insider threats

Answer: B) Align security efforts with business objectives

8. What is the difference between a policy and a procedure in information security?

A) A policy defines "what" must be done, while a procedure defines "how" to do it
B) Policies are only for executives, while procedures are for employees
C) Procedures are more important than policies
D) There is no difference between policies and procedures

Answer: A) A policy defines "what" must be done, while a procedure defines "how" to do it

9. Which of the following is an example of risk transference?

A) Encrypting sensitive data


B) Purchasing cybersecurity insurance
C) Implementing an intrusion detection system
D) Conducting a vulnerability assessment

Answer: B) Purchasing cybersecurity insurance

10. Which law regulates the protection of financial data in the United States?

A) GDPR
B) HIPAA
C) SOX
D) PCI DSS

Answer: C) SOX (Sarbanes-Oxley Act). Of the four options it is the only US law: GDPR is an EU regulation, HIPAA covers health information, and PCI DSS is a card-industry standard rather than a statute. Note that SOX targets the integrity of public-company financial reporting; protection of customer financial data at financial institutions is governed by the Gramm-Leach-Bliley Act (GLBA).
