Security Governance

Target score: 8 out of 10

Estimated time: 10-15 minutes

Question 1 of 10

A corporation is creating security documentation. They create two separate documents: one states that "all customer data must be encrypted" and the other specifies "AES256 must be used for all data encryption." The compliance officer needs to understand which document holds higher authority and how they differ in purpose. How should these documents be described?

Question 2 of 10

An employee receives a company laptop and signs a document stating that they will not use it for personal gaming or streaming videos, will not install unauthorized software, and must return the laptop upon termination of their employment. The document also outlines consequences for violations. Which critical security policy is the employee acknowledging?

Question 3 of 10

A financial institution updates its password policy annually. It needs to ensure every department is using the latest version of the policy, not outdated documents. Auditors require proof of which version was in effect during specific periods. Which governance control provides this?

Question 4 of 10

A company headquartered in California processes customer data from both European Union residents and Californian citizens. After discovering a data breach affecting 10,000 records, they must comply with breach notification requirements. Which legal requirements must they comply with?

Question 5 of 10

A healthcare organization uses a cloud-based electronic medical records system. The hospital's senior management determines what data is collected and how it is used. The cloud provider hosts the infrastructure and processes the data according to the hospital's instructions. What are the correct data governance roles for the hospital and cloud provider?

Question 6 of 10

A security team manually configures firewall rules across 500 servers. They often experience misconfigurations causing vulnerabilities. What should they follow to configure the servers correctly?

Question 7 of 10

A software patch was accidentally deployed early, during the middle of the working day, and has negatively affected business operations. The Chief Executive Officer (CEO) demands that the systems return to full operations immediately. What part of the change management plan will assist in this task?

Question 8 of 10

A Security Operations Center (SOC) for a large financial institution deals with high volumes of alerts and potential threats. They are considering implementing automation and orchestration in security operations. What is the PRIMARY benefit of automation in SOC operations?

Question 9 of 10

A manufacturing plant experiences a major flood that destroys the primary data center. Management activates a secondary facility in another state to continue operations. Which plan is being executed?

Question 10 of 10

Management teams of a large government organization want to be prepared in the event of a major natural disaster like floods or earthquakes. They prepare a secondary facility in a different region. To save costs, this facility has servers and workstations installed, but they are powered down. Only a small number of staff, such as security guards, work in the facility. If the organization needed to use the facility, it would take some time to transfer staff and data there. What is the best description of this site?