Your company has a “no right to privacy” notice on all logon screens for your information systems, and users sign an Acceptable Use Policy informing them of this condition. A peer group member and friend comes to you and requests access to the email account of one of her employees. What should you do? (choose the BEST answer):
A. Grant her access; the employee has been adequately warned through the AUP.
B. Assist her with the request, but only after her supervisor signs off on the action.
C. Reset the employee’s password and give it to the supervisor.
D. Deny the request citing national privacy laws.
Correct answer: B
Question 2
Acme Inc. has engaged a third-party vendor to provide 99.999% uptime for its online web presence and had the vendor contractually agree to this service level agreement. What type of risk tolerance is Acme exhibiting? (choose the BEST answer):
A. low risk-tolerance
B. high risk-tolerance
C. moderate risk-tolerance
D. medium-high risk-tolerance
Correct answer: A
Question 3
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data, the CISO unilaterally decides that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops, and users are upset. What did the CISO do wrong? (choose the BEST answer):
A. Failed to identify all stakeholders and their needs
B. Deployed the encryption solution in an inadequate manner
C. Used 1024-bit encryption when 256-bit would have sufficed
D. Used hardware encryption instead of software encryption