Solved by verified expert :1.
Which of the following is
true of procedures?
A.
Procedures focus on sequential
actions or steps, which are the instructions needed to carry out a policy
statement.
B.
Procedures must be changed
every 30 days.
C.
Procedures are a prerequisite
to developing a policy; they must exist before you can write a policy.
D.
Procedures are suggestions for
the best way to accomplish a certain task.
2.
In which of the following
policy elements should the policy number appear?
A.
Policy heading
B.
Policy statement of purpose
C.
Policy objectives
D.
Statement of authority
3.
Which of the following do
the Graham-Leach-Bliley Act (GLBA) and the Health Insurance Portability and
Accountability Act (HIPAA) require in an organization’s information security
policy?
A.
The date the policy was written
and revised
B.
A schedule for future policy
review and revision
C.
A statement with consequences
of violating the policy
D.
All of the above
4.
Which of the following is
true of policy elements?
A.
They are only standards,
guidelines, and procedures
B.
Policy elements are an optional
component of a policy
C.
Best practice dictates that all
policy elements should be included in the policy document itself
D.
They depend on, and support each
other, while supporting the document as a whole
5.
Which of the following is
NOT one of the common pitfalls encountered when policy companions (standards,
guidelines, and procedures) are combined into the same document as the policy
itself?
A.
Difficult to implement
B.
Difficult to manage
C.
Difficult to update
D.
Difficult to justify
6.
Which of the following
questions is answered by the policy objective?
A.
Why
B.
How
C.
What
D.
When
7.
Where would you find the
name of your company and the effective date of the policy you’re looking at?
A.
Policy heading
B.
Policy objectives
C.
Policy statement of purpose
D.
Statement of authority
8.
Which of the following is
an easy mistake, which should be avoided when preparing the policy statement of
purpose?
A.
Attempt to get too detailed
B.
Forget to include the signature
line
C.
Omit the effective date of the
policy
D.
Describe in broad terms how the
policy will be implemented
9.
Which of the following is NOT
a way in which the policy definitions make the policy better?
A.
Policy definitions enable the
target audience to better understand the policy
B.
Policy definitions help to
provide a legal baseline
C.
Policy definitions make the
policy look like other official documents
D.
Policy definitions make the
policy document more efficient
10.
The disciplinary process
indicated in an information security policy enforcement clause usually includes
which of the following most severe punishments?
A.
Dismissal or criminal
prosecution
B.
Loss of one month’s pay
C.
Demotion to a lower level
D.
Transfer to another division in
the company
