Certified Chief Information Security Officer (CCISO) Quiz Questions and Answers

What is the main purpose of the Incident Response Team?

Answer :
  • Ensure efficient recovery and reinstate repaired systems

When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

Answer :
  • Scope creep

An organization has decided to address information security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud. Which of the following is the most likely reason for this fraud?

Answer :
  • Lack of compliance to the Payment Card Industry (PCI) standards

A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?

Answer :
  • Program

Which of the following are primary concerns for management about assessing internal control objectives?

Answer :
  • Confidentiality, Availability, Integrity

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data, it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. The help desk is then flooded with complaints about the slow performance of the laptops and users are upset. Which of the following best describes what the CISO did wrong?

Answer :
  • Failed to identify all stakeholders and their needs

As a new CISO at a large healthcare company, you are told that everyone has to badge in to get in the building. Below your office window, you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer, you see there is no badge reader. What should you do?

Answer :
  • A physical risk assessment on the facility

Which of the following is the most important reason for performing assessments of the security portfolio?

Answer :
  • To assure that the portfolio is aligned to the needs of the broader organization

A CISO sees abnormally high volumes of exceptions to security requirements and constant pressure from business units to change security processes. Which of the following represents the most likely cause of this situation?

Answer :
  • Poor alignment of the security program to business needs

An anonymity network is a series of?

Answer :
  • Virtual network tunnels