Q1. The aim of ____ is to maintain an optimum and secure relationship between each of the company's business processes and their respective information security functions.

a. formal governance
b. informal governance
c. formal auditing
d. formal planning

Q2. ____ bundles mutually supporting government initiatives into a single coordinated effort to ensure the security of cyberspace and includes the establishment of a coordinated national capability to identify and remediate computer vulnerabilities.

a. CHCI, 2008
b. CCNI, 2008
c. CNCI, 2008
d. CICN, 2008

Q3. In order for a defense to be effective, all of the requisite ____ have to be in place and properly coordinated.

a. assets
b. intrusions
c. countermeasures
d. backup controls

Q4. A(n) ____ that only reflects the focus and interests of a single field will almost certainly have exploitable holes in it.

a. offense
b. defense
c. control
d. mitigation

Q5. The ____ of a piece of information might be derived from the importance of the idea, or the criticality of the decision, or it can represent simple things like your bank account number.

a. value
b. cost
c. effectiveness
d. assessment

Q6. Meaningful evidence to support operational risk analysis and patch management processes is typically derived from the results of ____ testing.

a. operation
b. penetration
c. application
d. network

Q7. The ____ professional gathers evidence from any computers or digital media that might be implicated in the wrongdoing and supports any legal or regulatory action.

a. security compliance
b. risk management
c. incident
d. digital forensics

Q8. The formal assurance that evidence has passed from agency to agency without tampering is known as the ____.

a. chain of review
b. chain of care
c. chain of custody
d. chain of control

Q9. The ____ is typically responsible for establishing the physical security program, which involves the steps to align the practices of the physical security program with the overall security goals of the organization.

a. IT security compliance professional
b. IT operations professional
c. digital forensics professional
d. IT security professional

Q10. Incident management has both an electronic and a physical focus to it.

a. True
b. False

Q11. ____ are data that can be used to identify a single individual.

a. Logical security controls
b. Personally identifiable information
c. Virtual security controls
d. Permanent security controls

Q12. The ____ is responsible for ensuring that Personally Identifiable Information (PII) is protected.

a. certification specialist
b. risk specialist
c. privacy specialist
d. subject matter expert

Q13. The CIO is accountable for protecting data and information from harm caused by natural events, like earthquakes.

a. True
b. False

Q14. The ____ oversees the work of the other information security professionals and typically develops the policies for the information security function.

a. security architect
b. CIO
c. ISO
d. security engineer

Q15. The ____ ensures the enterprise's compliance with all relevant contracts, stands, laws or regulations.

a. SCO
b. ISO
c. CIO
d. SSO

Q16. ____ is the process of placing a coherent set of countermeasures to mitigate all identified risks based on asset vulnerability and identified threats.

a. Threat management
b. Risk management
c. Profile management
d. Project management

Q17. The specific organization-wide approach to security is known as the ____.

a. security foundation
b. security solution
c. security strategy
d. security policy

Q18. The SCO reports any emerging threats to the role responsible for developing security controls, typically the CIO.

a. True
b. False

Q19. The coordination and control process must maintain the traceability between each ____ and the purposes of the generic recommendation it implements.

a. individual work instruction
b. group work instruction
c. individual task
d. group task

Q20. The aim of any ____ process is to define the set of work instructions that have the greatest chance of accomplishing the purposes of the recommendation.

a. design
b. tailoring
c. build
d. manage

Q21. ____ give the implementation process the required flexibility.

a. Tasks
b. Roles
c. Work instructions
d. Work roles

Q22. In practice, there are likely to be instances where the situation just doesn't fit the recommendations of the EBK.

a. True
b. False

Q23. The roles and their asosciated competencies are broken down into functions. ____ functions are those that relate to the conceptualization and development of security-related functionality.

a. Manage
b. Implement
c. Design
d. Evaluate

Q24. All of the behaviors that the creators of the EBK deemed necessary to ensure fundamentally proper security were categorized into ____ competency areas.

a. 10
b. 12
c. 14
d. 16

Q25. The evaluation plan has to specify the provisions to assure the continuing ____ of the overall security process.

a. compliance
b. renewal
c. trustworthiness
d. revision