Question
Security Assessment and Testing
QUESTION 21
What is a key performance indicator (KPI)?
A derived value that is generated by comparing multiple measurements against each other or against a baseline
An interpretation of one or more metrics that describes the effectiveness of the ISMS
The value of a factor at a particular point in time
Any attribute of the ISMS that can be described as a value
3.85 points
QUESTION 22
Which of the following is an advantage of using third-party auditors?
The requirement for NDAs and supervision.
They may have knowledge that an organization wouldn’t otherwise be able to leverage.
Their cost.
Their use of automated scanners and reports.
3.85 points
QUESTION 23
An assessment whose goal is to assess the susceptibility of an organization to social engineering attacks is best classified as
Personnel testing
Vulnerability testing
Physical testing
Network testing
3.85 points
QUESTION 24
How might one test adherence to the user accounts policy?
User records auditing
User self-reporting
Penetration testing
Management review
3.85 points
QUESTION 25
Code reviews include all the following except which one?
Fuzzing the code
Ensuring the code conforms to applicable coding standards
Agreeing on a “disposition” for the code
Discussing bugs, design issues, and anything else that comes up about the code
3.85 points
QUESTION 26
Data backup verification efforts should
Focus on user data
Be based on the threats to the organization
Have the smallest scope possible
Maximize impact on business
Explanation / Answer
What is a key performance indicator (KPI)? - A derived value that is generated by comparing multiple measurements against each other or against a baseline
Which of the following is an advantage of using third-party auditors? - They may have knowledge that an organization wouldn’t otherwise be able to leverage
An assessment whose goal is to assess the susceptibility of an organization to social engineering attacks is best classified as - Personnel testing
How might one test adherence to the user accounts policy? - Penetration testing
Code reviews include all the following except which one? - Fuzzing the code
Data backup verification efforts should - Be based on the threats to the organization
Please let me know in case of any clarifications required. Thanks!