1. Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?
A. Any infraction should result in suspension or termination
B. The same penalty should apply each time an infraction occurs
C. The penalty should be proportional to the level of risk incurred as a result of the infraction
D. Penalties should be at the discretion of management

2. Which of the following best describes how policy exception requests should be handled?
A. Requestors should only be notified after their exception requests are approved
B. Requestors should always receive a response to any request, whether approved or not
C. Requestors should be notified why their exception requests were denied, so they can do a better job the next time
D. Requestors should be able to count on a seven-day turnaround on any policy exception request

3. Which of the following describes how much of the final policy document is typically made up of policy statements?
A. The policy statement is one section of the final policy document
B. Policy statements appear throughout the final policy document
C. Policy statements typically represent about 45% of the final policy document
D. The bulk of the final policy document is composed of policy statements

4. Which of the following best describes when the policy audience is most likely to include people outside the organization?
A. The policy audience needs to include people outside the organization whenever those people are involved with an aspect of the organization or its information
B. Any policy audience generally includes people outside the organization, because companies depend so heavily on outsourcing these days
C. People outside the organization should not be part of the policy audience, because there is no way to apply the policy enforcement clause against them
D. This is spelled out in the non-disclosure agreement

5. Which of the following best represents a Policy Statement of Purpose for a credit card company's Gramm-Leach-Bliley Act compliance policy?
A. Comply with federal law, by mailing annual disclosures to customers
B. Mail annual disclosures to customers, and conduct annual training for employees
C. Comply with federal law, in order to protect the company's reputation
D. Protect customers' personal information

6. Which of the following parts of an organization's software policy would most likely indicate that any new software purchases be made only from the approved software products list?
A. Policy statement of purpose
B. Policy exceptions
C. Policy objective
D. Policy audience

7. Which of the following is the MOST important rule of thumb to follow when developing the policy heading?
A. The policy number must be included in the policy heading
B. Ensure its structure is scalable, so that it is able to accommodate changes in the future, without losing its original organization
C. Plan to spend the most time working on the policy heading; it is the most important part of the document
D. Ensure the policy heading contains all the same information as every other policy

8. Which of the following is true of the Statement of Authority?
A. It is usually not found in each individual policy, and serves as a preface to a group of policies and the entire information security program
B. It should strike fear into the hearts of all readers, in order to get them to take the policy seriously
C. It should contain very strict language, in order to impress people with its importance
D. It must appear in each individual policy, because it explains the company's motivation for developing the policies

9. In which of the following ways does understanding policy elements help you interpret your organization's information security policies?
A. Awareness of policy elements helps you determine the strength of the policy, and whether you should take it seriously
B. If you understand policy elements, you will be able to change the policies
C. Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you
D. You need to know the policy elements in order to determine which parts of the policy apply to you

10. If you are assigned to author your company's information security policies, which of the following is the MOST important thing to do first?
A. Look at all the other policies to get an idea of how they are written
B. Plan before you write
C. Determine when they are due
D. Express thanks for being given such a good assignment