Mile2 Cybersecurity Certifications

Domain One: Risk Management

When an organization has very little history of previous attacks or is uncertain of the impact or likelihood of risk scenarios, which is a better risk assessment approach?

a. Quantitative
b. Hybrid
c. Failure Modes and Effects (FMEA)
d. Qualitative

Answer

Answer D – A qualitative approach uses the expert input of all stakeholders to rank the level (degree) of impact an incident would have on the business, often through a Delphi method of data gathering.

What is the primary deliverable of a risk analysis effort?

a. Risk Register
b. Risk Assessment Report
c. Business Impact Analysis
d. Risk mitigation strategy

Answer

Answer B – The primary deliverable of a risk assessment should be a risk assessment report. This report outlines the identified risk, the severity of the risk, and suggestions for risk response. This information will guide the risk response effort in the next phase of risk management.

Jason has to decide the best way to respond to an identified risk to a critical product or service. What is the best alternative if the cost of reducing the risk would exceed the benefit obtained?

a. Risk Avoidance
b. Risk Transference
c. Risk Acceptance
d. Risk Reduction

Answer

Answer B – The primary deliverable of a risk assessment should be a risk assessment report. This report outlines the identified risk, the severity of the risk, and suggestions for risk response. This information will guide the risk response effort in the next phase of risk management.

Domain Two: Security Management

1) What is the role of the Information Owner?

a. Ensure the protection of data they own at all times, on all systems
b. Protect information in their department
c. Safeguard information on the systems they own
d. Determine the correct way to back up their information

Answer

Answer A – The role of the information owner is to be responsible for the protection of information at all points during the information lifecycle, from the time the information is first received, through all the processing, storage and communication of the information, until the time when the information is discarded.

3) What is the best treatment for the problem of social engineering?

a. Strict disciplinary policy
b. Awareness training
c. Prompt investigation of all incidents
d. Follow-up and evaluation of policy

Answer

Answer B – Awareness training may be the only effective way to treat the problem of social engineering. There is no technical solution that will address the threat of social engineering properly.

2) What is the role of Senior Management?

a. Set out the proper procedures for handling information
b. Determine the appropriate baseline controls for systems components
c. Be ultimately accountable for information security
d. Lead any investigations into security breaches

Answer

Answer C – Senior management is ultimately accountable for all the assets of the organization including the information security program.
