1) Employee behavior in an organization is
a)usually far from optional
b)prone to create secure work environments
c)not subject to policies and guidance
d)similar to machines
2)Which of the following statements is true regarding organizational policy and security awareness training?
a)Employee attitudes toward security awareness training can range from indifferent to eager.
b)Employees’ willingness to work and learn is universal across different organizations.
c)Employees’ adherence to security policy is solely dependent upon the organization’s structure.
d)You can only create an organizational policy framework to define policies in flat organizations.
3)Executive management, IT security policy enforcement monitoring, and human resources must all have a unified front regarding the:
a)size and structure of the organization.
b)management structure and advancement opportunities.
c)issuance of executive orders within the organization.
d)disciplinary treatment of policy violations.
4)Which of the following areas of the organization is responsible for establishing the policy commitment and implementation for the entire organization?
a)Executive Management
b)Supervisory-Level Management
c)Human Resources
d)IT Security Policy Enforcement Monitoring
5)Which of the following areas of the organization conducts system logging, content filtering logging, and e-mail filtering logging with automated reporting for monthly or quarterly policy compliance reviews?
a)Executive Management
b)Supervisory-Level Management
c)Human Resources
d)IT Security Policy Enforcement Monitoring
6)Which of the following areas of the organization is responsible for ensuring that employees, contractors, and consultants conform to all organizational policies?
a)Executive Management
b)Supervisory-Level Management
c)Human Resources
d)IT Security Policy Enforcement Monitoring
7)Violations of security policies are considered to be a(n) __________ issue upon which proper disciplinary actions must be taken.
a)law enforcement
b)employer-employee
c)executive-staff
d)implementation
8)Depending on the violation’s severity, repeat or continued violations of organization-wide policies might be grounds for:
a)refusing to pay earned wages.
b)denying overtime assignments.
c)termination of employment.
d)limiting an employee’s Internet access.
9)Flat organizational structures are characterized by a management structure that:
a)is cross-functional and more open to employee input.
b)places all decision making at the executive management level.
c)provides limited access and connectivity to employees.
d)considers employee contributions to be of no value.
10)Hierarchical organizational structures are characterized by departments that are separated by:
a)creativity level.
b)salary level, creating animosity between departments.
c)teams, creating competitiveness between departments.
d)function, creating multiple functional silos.
11)In hierarchical organizational structures, communication between employees tends to:
a)be very difficult to achieve at all.
b)occur across organizational functions.
c)be more “top-down.”
d)be more “bottom-up.”
12)In flat organizational structures, employees tend to be:
a)more open and communicative.
b)more interested in financial rewards.
c)constrained within their role or function.
d)less likely to interact across the organization.
13)Employees in organizations with flat organizational structures tend to be more:
a)creative and involved in business decisions.
b)dissatisfied and apathetic.
c)financially successful.
d)concerned about job security.
14) Hierarchical organizations are more likely than flat organizations to have a:
a)security policy.
b)formal chain of command.
c)profitable business model.
d)chief executive officer.
15)Which of the following can affect an employee’s sense of job security, purpose, and potential to contribute to the company’s success, all of which can make an employee feel dissatisfied or apathetic?
a)The U.S. economy
b)A company’s IT policies
c)A company’s size
d)A company’s board of directors
16)Conducting annual audits and security assessments for policy compliance are critical security operations and management functions because:
a)people constantly change (they grow on the job, move to new jobs, etc.).
b)people tend to shy away from repetition and repetitive inputs.
c)employees never discover new risks and threats.
d)security awareness training is most often ineffective.
17)Which of the following statements is true regarding the scenario in the lab in which the Specialty Medical Clinic was being acquired by a larger parent organization?
a)Both the medical clinic and the larger parent organization had a hierarchical structure with multiple departments and clinics.
b)Both the medical clinic and the larger parent organization had a flat organizational structure.
c)The medical clinic had a hierarchical structure with multiple departments and clinics, while the larger parent organization had a flat organizational structure.
d)The larger parent organization had a hierarchical structure with multiple departments and clinics, while the medical clinic had a flat organizational structure.
18)Security awareness training can include special all-hands meetings called __________ meetings that are held between team or departmental leaders, with those leaders then sharing the information they’ve gained from those meetings with employees.
a)Town Hall
b)Task Force
c)Awareness
d)Security Reminders
19)Which of the following statements is true regarding ongoing security policy management?
a)New policy and procedures always negatively impact a business process or create unintended challenges in a particular department.
b)When users find that a policy is going to make their jobs harder, they’re much more likely to try to circumvent that policy.
c)Employee feedback is not helpful in determining how a policy might impose unintended challenges on an employee.
d)Be certain to communicate, to leaders and employees alike, that there may be adverse repercussions for providing feedback.
20)Which of the following statements is true regarding security awareness training?
a)Employees typically look forward to and enjoy mandatory security awareness training.
b)Security awareness training can be more effective if made unconventional or interactive.
c)The training should be uniform across all employees and departments.
d)The rationale behind the security training should be withheld from the employees.