Certified Chief Information Security Officer (CCISO) Quiz Questions and Answers

As the CISO, you need to create an IT security strategy. Which of the following is the most important thing to review before you start writing the plan?

Answer:
  • The company business plan

The primary purpose of a risk register is to_______.

Answer:
  • Track individual risk assessments

What is the most secure way to mitigate the theft of corporate information from a laptop that was left in a hotel room?

Answer:
  • Encrypt the data on the hard drive

Information assets should be identified and classified to enable protection and safeguards. Which of the following is not an information asset as defined by the standards?

Answer:
  • Canteen supplies

To reduce the attack surface of a system, administrators should perform which of the following processes to remove unnecessary software, services, and insecure configuration settings?

Answer:
  • Hardening

Who in the organization determines access to the information?

Answer:
  • Data Owner

A CISO has several two-factor authentication systems under review and selects the one that is most sufficient and least costly. The implementation project planning is completed, and the teams are ready to implement the solution. The CISO then discovers that the product is not as scalable as originally thought and will not fit the organization’s needs. What is the most logical course of action the CISO should take?

Answer:
  • Review the original solution set to determine if another system would fit the organization’s risk appetite and budget.

Which of the following is the best indicator of a successful project?

Answer:
  • The deliverables are accepted by the key stakeholders

When would it be more desirable to develop a set of decentralized security policies and procedures within an enterprise environment?

Answer:
  • When the enterprise is made up of many business units with diverse business activities, risk profiles and regulatory requirements.

Your corporate systems have been under constant probing and attack from foreign IP addresses for more than a week. Your security team and security infrastructure have performed well under the stress. You are confident that your defenses have held up under the test, but rumors are spreading that sensitive customer data has been stolen and is now being sold on the Internet by criminal elements. During your investigation of the rumored compromise, you discover that data has been breached and that the repository of stolen data is on a server located in a foreign country. Your team now has full access to the data on the foreign server. What action should you take first?

Answer:
  • Consult with other executives to develop an action plan