1. Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?
A. Any infraction should result in suspension or termination
B. The same penalty should apply each time an infraction occurs
C. The penalty should be proportional to the level of risk incurred as a result of the infraction
D. Penalties should be at the discretion of management

2. Which of the following best describes how policy exception requests should be handled?
A. Requestors should only be notified after their exception requests are approved
B. Requestors should always receive a response to any request, whether approved or not
C. Requestors should be notified why their exception requests were denied, so they can do a better job the next time
D. Requestors should be able to count on a seven-day turnaround on any policy exception request

3. Which of the following describes how much of the final policy document is typically made up of policy statements?
A. The policy statement is one section of the final policy document
B. Policy statements appear throughout the final policy document
C. Policy statements typically represent about 45% of the final policy document
D. The bulk of the final policy document is composed of policy statements

4. Which of the following best describes when the policy audience is most likely to include people outside the organization?
A. The policy audience needs to include people outside the organization whenever those people are involved with an aspect of the organization or its information
B. Any policy audience generally includes people outside the organization, because companies depend so heavily on outsourcing these days
C. People outside the organization should not be part of the policy audience, because there is no way to apply the policy enforcement clause against them
D. This is spelled out in the non-disclosure agreement

5. Which of the following best represents a Policy Statement of Purpose for a credit card company’s Gramm-Leach-Bliley Act compliance policy?
A. Comply with federal law, by mailing annual disclosures to customers
B. Mail annual disclosures to customers, and conduct annual training for employees
C. Comply with federal law, in order to protect the company’s reputation
D. Protect customers’ personal information

6. Which of the following parts of an organization’s software policy would most likely indicate that any new software purchases be made only from the approved software products list?
A. Policy statement of purpose
B. Policy exceptions
C. Policy objective
D. Policy audience

7. Which of the following is the MOST important rule of thumb to follow when developing the policy heading?
A. The policy number must be included in the policy heading
B. Ensure its structure is scalable, so that it is able to accommodate changes in the future, without losing its original organization
C. Plan to spend the most time working on the policy heading; it is the most important part of the document
D. Ensure the policy heading contains all the same information as every other policy

8. Which of the following is true of the Statement of Authority?
A. It is usually not found in each individual policy, and serves as a preface to a group of policies and the entire information security program
B. It should strike fear into the hearts of all readers, in order to get them to take the policy seriously
C. It should contain very strict language, in order to impress people with its importance
D. It must appear in each individual policy, because it explains the company’s motivation for developing the policies

9. In which of the following ways does understanding policy elements help you interpret your organization’s information security policies?
A. Awareness of policy elements helps you determine the strength of the policy, and whether you should take it seriously
B. If you understand policy elements, you will be able to change the policies
C. Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you
D. You need to know the policy elements in order to determine which parts of the policy apply to you

10. If you are assigned to author your company’s information security policies, which of the following is the MOST important thing to do first?
A. Look at all the other policies to get an idea of how they are written
B. Plan before you write
C. Determine when they are due
D. Express thanks for being given such a good assignment
