CSIA 485 Quiz 2B
Quiz #2: CCISO Domain #2 - Results
Attempt 2 of 3
Attempt Score
Overall Grade (Highest Attempt)
Question 1
Which NIST minimum security controls baseline would be used where loss of confidentiality,
integrity, or availability could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals?
Question options:
Moderate-Impact Baseline
No-Impact Baseline
High-Impact Baseline
Low-Impact Baseline
Hide question 1 feedback
Feedback
Correct!
Question 2 points
What is the emphasis of an internal audit?
Question options:
Improve Processes
Find Faults and Failures
Test Controls
, Review Controls
Hide question 2 feedback
Feedback
Correct!
Question 3 points
When an audit reveals control deficiencies what should be the priority for remediation?
Question options:
Those that will be replaced with new controls
The category with the most deficiencies
The most easily accomplished
The highest risk items
Hide question 3 feedback
Feedback
Correct!
Question 4 points
Which area of security concerns how an organization identifies legal and regulatory statutes it
must adhere to and monitors and reports on the adherence to each applicable law, regulation,
or standard?
Question options:
Asset Management
Audit Management
Quiz #2: CCISO Domain #2 - Results
Attempt 2 of 3
Attempt Score
Overall Grade (Highest Attempt)
Question 1
Which NIST minimum security controls baseline would be used where loss of confidentiality,
integrity, or availability could be expected to have a severe or catastrophic adverse effect on
organizational operations, organizational assets, or individuals?
Question options:
Moderate-Impact Baseline
No-Impact Baseline
High-Impact Baseline
Low-Impact Baseline
Hide question 1 feedback
Feedback
Correct!
Question 2 points
What is the emphasis of an internal audit?
Question options:
Improve Processes
Find Faults and Failures
Test Controls
, Review Controls
Hide question 2 feedback
Feedback
Correct!
Question 3 points
When an audit reveals control deficiencies what should be the priority for remediation?
Question options:
Those that will be replaced with new controls
The category with the most deficiencies
The most easily accomplished
The highest risk items
Hide question 3 feedback
Feedback
Correct!
Question 4 points
Which area of security concerns how an organization identifies legal and regulatory statutes it
must adhere to and monitors and reports on the adherence to each applicable law, regulation,
or standard?
Question options:
Asset Management
Audit Management
