254 ◾ Official (ISC)2® Guide to the ISSMP® CBK®
© 2011 by Taylor & Francis Group, LLC
10. What is the enterprise risk posture?
a. Intentionally assumed position of safeguards throughout the entire
organization
b. The probability of specific eventualities throughout the entire organization
c. The aggregation of all the safeguards and precautions that mitigate risk
d. The formal articulation of an intentionally assumed position on dealing
with potential negative impact
12. What is data exfiltration?
a. The unauthorized use of USB devices
b. The unauthorized transmission of data between departments
c. The unauthorized transmission of data into the organization from a service
provider
d. The unauthorized transmission of data out of the organization
12. Which of the following groups is not representative of the nine core security
principles?
a. Nonrepudiation, possession, utility
b. Authorized use, privacy, authorized access
c. Confidentiality, integrity, authenticity
d. Availability, privacy, utility
13. Which of the following is true about a Security Compliance Management
Program (SCMP)?
a. Governance identifies and enumerates all relevant security compliance
requirements. These may include legislation, regulation, directives,
instructions, contractual obligations, and good business practice.
b. The planning function determines the appropriate steps to take to
establish and maintain compliance. The results of planning will include
a list of necessary security technologies to insert in IT operations.
c. Implementation takes the policies, standards, procedures, and guide-
lines and inserts them into information technology systems. Deployment
makes compliance part of daily operations throughout the enterprise.
d. The role of adjudication is to resolve conflicts in the best interest of
enterprise senior management and executives.
14. Which of the following is false about system hardening?
a. System hardening is the elimination of known vulnerabilities, exploits,
and generally turning off or uninstalling unnecessary functions.
b. Each operating system, each version of the same operating system, and
each patch release of the same operating system may have a different
procedure for hardening the system.
c. Disabling unused services will require OS parameter changes at the kernel
or registry level, or modications to services that initiate or run at startup.
d. None of the above.
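The hardening step described in question 14(c), turning off services that start at boot, is usually done by comparing what the host actually enables against an approved baseline for its role. The following POSIX shell script is an added example, not part of the (ISC)2 guide; the baseline, the sample `systemctl list-unit-files` output and the unit names in it are constructed for illustration, and the script only prints the commands an operator would run rather than executing them. On Windows the equivalent listing and disabling goes through the service control manager and registry (`Get-Service` / `Set-Service` in PowerShell), which is exactly the per-OS variation that option (b) refers to.

```shell
#!/bin/sh
# Added example (not from the ISSMP guide): find enabled boot-time services
# that are not on an approved baseline, and plan their removal.

# Approved baseline of services for this host role (constructed assumption).
BASELINE="sshd.service
rsyslog.service
chronyd.service
auditd.service"

# Constructed sample of `systemctl list-unit-files --type=service --state=enabled`
# output, embedded so the example runs offline without systemd.
SAMPLE_ENABLED="UNIT FILE              STATE   VENDOR PRESET
auditd.service         enabled enabled
avahi-daemon.service   enabled enabled
chronyd.service        enabled enabled
cups.service           enabled enabled
rsyslog.service        enabled enabled
sshd.service           enabled enabled

6 unit files listed."

# services_to_disable: read a unit-file listing on stdin and print every
# enabled .service unit that is absent from $BASELINE, in input order.
# Header and footer lines are skipped because they do not end in ".service".
services_to_disable() {
    awk -v baseline="$BASELINE" '
        BEGIN {
            n = split(baseline, b, "\n")
            for (i = 1; i <= n; i++) if (b[i] != "") allowed[b[i]] = 1
        }
        $1 ~ /\.service$/ && $2 == "enabled" && !($1 in allowed) { print $1 }
    '
}

# plan_commands: turn the findings into the systemctl commands an operator
# would review and run. "disable --now" both stops the service and removes
# its startup wiring, which is the change option (c) describes. Nothing is
# executed here; this is a dry run.
plan_commands() {
    services_to_disable | while read -r unit; do
        printf 'systemctl disable --now %s\n' "$unit"
    done
}

# Offline demonstration on the constructed sample:
printf '%s\n' "$SAMPLE_ENABLED" | plan_commands

# Live use on a systemd host (review the plan before running it):
#   systemctl list-unit-files --type=service --state=enabled | plan_commands
```

Run against the constructed sample, the plan names `avahi-daemon.service` and `cups.service`, the two enabled units that the baseline does not authorize. Re-running the same check after patching is how you catch services that an OS or package upgrade silently re-enables, which is why the baseline has to be kept per OS version as option (b) states.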
15. What is the difference between legislative management and litigation
management?