Cybersecurity Management Solved Exam Questions
Course Introduction
Cybersecurity Management explores the principles, frameworks, and best practices necessary to protect organizational information assets in a rapidly evolving digital landscape. The course covers key topics such as risk assessment, policy development, security governance, incident response, compliance with legal and regulatory standards, and security awareness training. Students gain a comprehensive understanding of how to design, implement, and evaluate security strategies that align with business objectives, with a focus on leadership roles and decision-making in the context of organizational cybersecurity. Through case studies and real-world scenarios, learners develop the skills needed to manage cybersecurity initiatives, communicate effectively with stakeholders, and foster a strong security culture within organizations.
Recommended Textbook
Management of Information Security 5th Edition by Michael E. Whitman
Available Study Resources on Quizplus
12 Chapters
706 Verified Questions
706 Flashcards
Source URL: https://quizplus.com/study-set/2555


Chapter 1: Introduction to the Management of Information Security
Available Study Resources on Quizplus for this Chapter
63 Verified Questions
63 Flashcards
Source URL: https://quizplus.com/quiz/50835
Sample Questions
Q1) ESD is the acronym for ____________________ discharge.
Answer: electrostatic
Q2) What do audit logs that track user activity on an information system provide?
A) identification
B) authorization
C) accountability
D) authentication
Answer: C
Q3) The three levels of planning are strategic planning, tactical planning, and ____________________ planning.
Answer: operational
Q4) The application of computing and network resources to try every possible combination of options of a password is called a dictionary attack.
A) True
B) False
Answer: False
Q5) The set of organizational guidelines that dictates certain behavior within the organization is called ____________________.
Answer: policy
To view all questions and flashcards with answers, click on the resource link above.

Chapter 2: Compliance: Law and Ethics
Available Study Resources on Quizplus for this Chapter
50 Verified Questions
50 Flashcards
Source URL: https://quizplus.com/quiz/50836
Sample Questions
Q1) An organization increases its _____________ if it refuses to take measures (due care) to make sure that every employee knows what is acceptable and what is not, and the consequences of illegal or unethical actions.
Answer: liability
Q2) Which ethical standard is based on the notion that life in community yields a positive outcome for the individual, requiring each individual to contribute to that community?
A) utilitarian
B) virtue
C) fairness or justice
D) common good
Answer: D
Q3) Which of the following is compensation for a wrong committed by an employee acting with or without authorization?
A) liability
B) restitution
C) due diligence
D) jurisdiction
Answer: B

Chapter 3: Governance and Strategic Planning for Security
Available Study Resources on Quizplus for this Chapter
52 Verified Questions
52 Flashcards
Source URL: https://quizplus.com/quiz/50837
Sample Questions
Q1) A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.
A) True
B) False
Answer: False
Q2) According to the Corporate Governance Task Force (CGTF), which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?
A) Initiating
B) Establishing
C) Acting
D) Learning
Answer: A
Q3) Describe the key approaches organizations are using to achieve unified Enterprise Risk Management.
Answer:
Combining physical security and InfoSec under one leader as one business function
Using separate business functions that report to a common senior executive
Using a risk council approach to provide a collaborative approach to risk management

Chapter 4: Information Security Policy
Available Study Resources on Quizplus for this Chapter
56 Verified Questions
56 Flashcards
Source URL: https://quizplus.com/quiz/50838
Sample Questions
Q1) Information security policies are designed to provide structure in the workplace and explain the will of the organization's management.
A) True
B) False
Q2) What are the four elements that an EISP document should include?
Q3) What are the two general methods for implementing technical controls?
A) profile lists and configuration filters
B) firewall rules and access filters
C) user profiles and filters
D) access control lists and configuration rules
Q4) When an organization demonstrates that it is continuously attempting to meet the requirements of the market in which it operates, what is it ensuring?
A) policy administration
B) due diligence
C) adequate security measures
D) certification and accreditation
Q5) The three types of information security policies include the enterprise information security policy, the issue-specific security policy, and the ____________________ security policy.

Chapter 5: Developing the Security Program
Available Study Resources on Quizplus for this Chapter
65 Verified Questions
65 Flashcards
Source URL: https://quizplus.com/quiz/50839
Sample Questions
Q1) In larger organizations, responsible for some aspect of information security; in smaller organizations, this title may be assigned to the only or senior security administrator.
A) InfoSec program
B) SETA
C) scope creep
D) security watchstander
E) security manager
F) CISO
G) projectitis
H) critical path method
I) security technicians
J) security awareness program
Q2) Which of the following is an advantage of the user support group form of training?
A) Usually conducted in an informal social setting
B) Formal training plan
C) Can be live, or can be archived and viewed at the trainee's convenience
D) Can be customized to the needs of the trainee
Q3) What is the Chief Information Security Officer primarily responsible for?
Chapter 6: Risk Management: Identifying and Assessing Risk
Available Study Resources on Quizplus for this Chapter
60 Verified Questions
60 Flashcards
Source URL: https://quizplus.com/quiz/50840
Sample Questions
Q1) Which of the following is an example of a technological obsolescence threat?
A) Hardware equipment failure
B) Unauthorized access
C) Outdated servers
D) Malware
Q2) What does it mean to 'know the enemy' with respect to risk management?
Q3) What should you be armed with to adequately assess potential weaknesses in each information asset?
A) Properly classified inventory
B) Audited accounting spreadsheet
C) Intellectual property assessment
D) List of known threats
Q4) Discuss the trends in frequency of attacks and how that plays into a risk management strategy.
Q5) Which of the following attributes of a network device is physically tied to the network interface?
A) Serial number
B) MAC address
C) IP address
D) Model number

Chapter 7: Risk Management: Controlling Risk
Available Study Resources on Quizplus for this Chapter
60 Verified Questions
60 Flashcards
Source URL: https://quizplus.com/quiz/50841
Sample Questions
Q1) The calculated value associated with the most likely loss from a single attack.
A) defense risk control strategy
B) mitigation risk control strategy
C) acceptance risk control strategy
D) termination risk control strategy
E) risk appetite
F) cost-benefit analysis
G) cost avoidance
H) asset valuation
I) organizational feasibility
J) single loss expectancy
Q2) Discuss three alternatives to feasibility analysis.
Q3) Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?
A) organizational feasibility
B) political feasibility
C) technical feasibility
D) operational feasibility
Q4) What are the four stages of a basic FAIR analysis?
Q5) What is the OCTAVE method approach to risk management?

Chapter 8: Security Management Models
Available Study Resources on Quizplus for this Chapter
60 Verified Questions
60 Flashcards
Source URL: https://quizplus.com/quiz/50842
Sample Questions
Q1) Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?
A) Discretionary access controls
B) Task-based access controls
C) Security clearances
D) Sensitivity levels
Q2) ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n) ____________________.
Q3) Dumpster delving is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information.
A) True
B) False
Q4) Which piece of the Trusted Computing Base's security system manages access controls?
A) trusted computing base
B) reference monitor
C) covert channel
D) verification module

Chapter 9: Security Management Practices
Available Study Resources on Quizplus for this Chapter
59 Verified Questions
59 Flashcards
Source URL: https://quizplus.com/quiz/50843
Sample Questions
Q1) When choosing from among recommended practices, an organization should consider a number of questions. List four.
Q2) What are the legal requirements that an organization adopt a standard based on what a prudent organization should do,and then maintain that standard?
A) Certification and accreditation
B) Best practices
C) Due care and due diligence
D) Baselining and benchmarking
Q3) Problems with benchmarking include all but which of the following?
A) Organizations don't often share information on successful attacks
B) Organizations being benchmarked are seldom identical
C) Recommended practices change and evolve, thus past performance is no indicator of future success
D) Benchmarking doesn't help in determining the desired outcome of the security process
Q4) Why must you do more than simply list the InfoSec measurements collected when reporting them? Explain.
Q5) Describe the three tier approach of the RMF as defined by NIST SP 800-37.
Q6) Compare and contrast accreditation and certification.

Chapter 10: Planning for Contingencies
Available Study Resources on Quizplus for this Chapter
60 Verified Questions
60 Flashcards
Source URL: https://quizplus.com/quiz/50844
Sample Questions
Q1) In which contingency plan testing strategy do individuals follow each and every IR/DR/BC procedure, including the interruption of service, restoration of data from backups, and notification of appropriate individuals?
A) Desk check
B) Simulation
C) Structured walk-through
D) Full-interruption
Q2) A(n) ____________________ is a document containing contact information of the individuals to notify in the event of an actual incident.
Q3) Which of the following has the main goal of restoring normal modes of operation with minimal cost and disruption to normal business activities after an adverse event?
A) Risk management
B) Contingency planning
C) Business response
D) Disaster readiness
Q4) What are the major components of contingency planning?
Q5) There are six key elements that the CP team must build into the DR Plan. What are three of them?

Chapter 11: Personnel and Security
Available Study Resources on Quizplus for this Chapter
60 Verified Questions
60 Flashcards
Source URL: https://quizplus.com/quiz/50845
Sample Questions
Q1) Briefly describe the classifications of InfoSec positions as defined by Schwartz et al.
Q2) A conspiracy or cooperation between two or more individuals or groups to commit illegal or unethical actions is known as racketeering.
A) True
B) False
Q3) Most hiring organizations are aware of the precise value of information security certifications because these programs have been in existence for a long time.
A) True
B) False
Q4) Which of the following policies makes it difficult for an individual to violate InfoSec and is quite useful in monitoring financial affairs?
A) Task rotation
B) Mandatory vacations
C) Separation of duties
D) Job rotation
Q5) Describe the SSCP certification. How does it compare to the CISSP?
Q6) List the six key principles that should shape the career of a CISO.

Chapter 12: Protection Mechanisms
Available Study Resources on Quizplus for this Chapter
61 Verified Questions
61 Flashcards
Source URL: https://quizplus.com/quiz/50846
Sample Questions
Q1) List the most common firewall implementation architectures.
Q2) The ability to restrict specific services is a common practice in most modern routers, and is invisible to the user.
A) True
B) False
Q3) Was developed by Netscape in 1994 to provide security for online e-commerce transactions.
A) VPN
B) transport mode
C) SSL
D) PKI
E) digital certificate
F) asymmetric encryption
G) Vernam cipher
H) transposition cipher
I) content filter
J) footprinting
Q4) ____________ is a technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis.