Chapter 2 Domain 1: information security governance and risk management
1. Which of the following would be an example of a policy statement?
A. Protect PII by hardening servers
B. Harden Windows 7 by first installing the prehardened OS image
C. You may create a strong password by choosing the first letter of each word in a sentence and mixing in numbers and symbols
D. Download the CISecurity Windows benchmark and apply it
Correct Answer and Explanation: A. Answer A is correct; policy is high level and avoids technology specifics.
Incorrect Answers and Explanations: B, C, and D. Answers B, C, and D are incorrect. B is a procedural statement. C is a guideline. D is a baseline.
2. Which of the following describes the money saved ...