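The latest official practice questions for the CISSP international information security certification. We have divided the CISSP into five key domains and collected the latest CISSP questions for each of them. A few questions a day to find and fill gaps and to review what you have learned!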
(1) Alyssa is responsible for her organization's security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?
A. Gamification
B. Computer-based training
C. Content reviews
D. Live training
Answer: C. Alyssa should use periodic content reviews to continually verify that the content in her program meets the organization's needs and is up-to-date based upon the evolving risk landscape. She may do this using a combination of computer-based training, live training, and gamification, but those techniques do not necessarily verify that the content is updated.
(2) Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
A. Inherent risk
B. Residual risk
C. Control risk
D. Mitigated risk
Answer: B. The residual risk is the level of risk that remains after controls have been applied to mitigate risks. Inherent risk is the original risk that existed prior to the controls. Control risk is new risk introduced by the addition of controls to the environment. Mitigated risk is the risk that has been addressed by existing controls.
(3) FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated.
Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
A. The right to access
B. Privacy by design
C. The right to be forgotten
D. The right of data portability
Answer: C. The right to be forgotten, also known as the right to erasure, guarantees the data subject the ability to have their information removed from processing or use. It may be tied to consent given for data processing; if a subject revokes consent for processing, the data controller may need to take additional steps, including erasure.