1602 Final Exam Questions & Correct Solutions

T/F Information security policies are designed to provide structure in the workplace and explain the will of the organization's management. {Ans: False}A process focused on the identification and location of potential evidence related to a specific legal action after it was collected through digital forensics is known as {Ans: E-Discovery}In which technique does a group rate or rank a set of information, compile the results, and repeat until everyone is satisfied with the result? {Ans: Delphi}Medium-sized organizations tend to spend approximately __________ percent of the total IT budget on security. {Ans: 11%}An estimate made by the manager using good judgment and experience can account for which factor of risk assessment? {Ans: Risk Identification}T/F A hot site is a fully configured computing facility that includes all services, communications links, and physical plant operations. {Ans: True}T/F Standards are established at one or two levels below the C-Level {Ans: False}For an organization to manage its InfoSec risk properly, managers should understand how information is __________. {Ans: Collected, Processed, Stored, and Transmitted}After an incident, but before returning to its normal duties, the CSIRT must do which of the following? {Ans: Conduct an After-Action Review}A(n) __________