The Most Advanced Business Management MCQ Test

147 Questions | By Catherinehalcomb | Updated: Mar 21, 2022 | Attempts: 317

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

The Most Advanced Business Management MCQ Test - Quiz

If you want to enhance your business management skills, then this quiz is for you. You can play this "Most Advanced Business Management MCQ Test" and check your knowledge. Your score will decide how well you are aware of the terms and skills of Advanced Business Management. You can get the perfect score just by answering the quiz questions. All the best for the best scores.

Questions and Answers

1.

An information security policy does NOT usually include:
- A.
  
  Guidelines for how to implement policy
- B.
  
  Authority for information security department
- C.
  
  Basis for data classification
- D.
  
  Recognition of information as an asset of the organization
2.

Which of the following is a realistic goal of every loss prevention program?
- A.
  
  Permit losses that aren't very important.
- B.
  
  Be 100% effective in preventing loss.
- C.
  
  Reduce losses to a pre-defined level that management can tolerate.
- D.
  
  Reduce losses to within 10% of a pre-defined level
3.

When is it acceptable for management not to take action on an identified risk?
- A.
  
  When responsibility for the conditions that cause the risk to arise is outside their department
- B.
  
  When the cost of taking action outweighs the potential cost of the risk being realized.
- C.
  
  When risk reduction measures may affect the productivity of the business.
- D.
  
  Never - action should always be taken to reduce or eliminate an identified risk.
4.

Which of the following MOST clearly indicates whether specific risk reduction controls should be implemented?
- A.
  
  Threat and vulnerability analysis
- B.
  
  Risk evaluation
- C.
  
  ALE calculation
- D.
  
  Countermeasure cost/benefit analysis
5.

A newly assigned Risk Manager requests access to a file share containing corporate financial records. The access request is reviewed by the Chief Financial Officer who determines that access will be granted to only three files for one month. This principle is referred to as:
- A.
  
  Job rotation
- B.
  
  Least privilege
- C.
  
  Special privilege
- D.
  
  Separation of duties
6.

One purpose of a security awareness program is to modify
- A.
  
  Employee's attitude and behaviors
- B.
  
  Management's approach
- C.
  
  Attitudes of employees with sensitive data
- D.
  
  Corporate attitudes about safeguarding data
7.

Which of the following assures alignment of security functions and the organization's goals, missions and objectives?
- A.
  
  Governance oversight
- B.
  
  System security oversight
- C.
  
  Human resource oversight
- D.
  
  Business service oversight
8.

The concept of "least privilege" involves:
- A.
  
  Individual accountability
- B.
  
  Access authentication
- C.
  
  Authorization levels
- D.
  
  Identification of users
9.

Which is the FIRST step that should be considered in a penetration test?
- A.
  
  The approval of the change management control team
- B.
  
  The development of a detailed test plan
- C.
  
  The formulation of specific management objectives
- D.
  
  The communication process among team members
10.

Under the principle of negligence, executives can be held liable for losses that result from system breaches if
- A.
  
  The company is a multi-national company
- B.
  
  They have not exercised due care protecting computing resources
- C.
  
  They have failed to properly insure computer resources against loss
- D.
  
  The company does not prosecute the hacker that caused the breach
11.

If a company has no written policy notifying employees of its right to monitor network activity, what must it do to be in compliance with certain privacy laws or principles?
- A.
  
  Monitor only during off hours
- B.
  
  Obtain a search warrant prior to any monitoring
- C.
  
  Not capture any network traffic related to monitoring employee's activity
- D.
  
  Apply for a waiver from Interpol before monitoring
12.

What are the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information related to?
- A.
  
  Privacy
- B.
  
  Secrecy
- C.
  
  Availability
- D.
  
  Reliability
13.

Under which one of the following situations would a trash can fire be considered a disaster?
- A.
  
  The fire caused critical business systems to be disabled for longer than the Recovery Time Objective
- B.
  
  The fire alarms went off and the building had to be evacuated.
- C.
  
  The trash can contained company sensitive documents.
- D.
  
  The fire spread beyond the trash can and the fire department had to be called.
14.

Which of the following is LEAST likely to be required to quantify the impact associated with a potential disaster to a commercial enterprise?
- A.
  
  Identify the organization's key business functions
- B.
  
  Identify the computer systems critical to the survival of the organization.
- C.
  
  Estimate the financial impact a loss would have on the business based on how long an outage would last.
- D.
  
  Acquire information from government agencies about the likelihood of a natural disaster occurring.
15.

Which of the following would BEST help an organization to gain a common understanding of functions that are critical to survival?
- A.
  
  Risk assessment
- B.
  
  Emergency response plan
- C.
  
  Disaster recovery plan
- D.
  
  Business impact analysis
16.

Which of the following best defines a Business Impact Analysis (BIA)?
- A.
  
  It is the process of analyzing all business functions to determine the impact of an outage.
- B.
  
  It is the process of analyzing corporate functions, such as accounting, personnel, and legal to determine which functions must operate immediately following an outage.
- C.
  
  It is the process of documenting procedures and capabilities to sustain organizational essential functions at an alternate site.
- D.
  
  It is the process of documenting viable recovery options for each business unit in the event of an outage.
17.

When conducting the business impact assessment, business processes are examined relative to all EXCEPT:
- A.
  
  Customer interruption impacts
- B.
  
  Embarassment of loss of confidence impacts
- C.
  
  Executive management disruption impacts
- D.
  
  Revenue loss potential impact
18.

Which of the following defines the intent of a system security policy?
- A.
  
  A description of the settings that will provide the highest level of security
- B.
  
  A brief high-level statement defining what is and is not permitted in the operation of a system
- C.
  
  A definition of those items that must be denied on the system
- D.
  
  A listing of tools and applications that will be used to protect the system
19.

An organizational information security strategy is incomplete without
- A.
  
  Recommendations for salary improvement of security professionals
- B.
  
  Addressing privacy and health care requirements of employees
- C.
  
  Alignment with organizational audit and marketing plans
- D.
  
  Incorporating input from organizational privacy and safety professionals
20.

The organizational information security plan can
- A.
  
  Assure protection of organizational data and information
- B.
  
  Select the technology solutions to enhance organizational security effectiveness
- C.
  
  Identify potential risks to organizational employee behavior
- D.
  
  Align organizational data protection schemes to business goals
21.

Which of these terms is MOST closely related to confidentiality?
- A.
  
  Reliability
- B.
  
  Need-to-know
- C.
  
  Auditability
- D.
  
  Trustworthiness
22.

Which of these is the MOST important factor when considering the alignment between release a product and making it secure?
- A.
  
  Service level agreements
- B.
  
  Customer satisfaction
- C.
  
  Policy
- D.
  
  Profit
23.

Which statement is MOST accurate in the majority of organizational structures?
- A.
  
  The Security Officer is responsible for ensuring that recommendations to executive management are full, accurate, and complete.
- B.
  
  The Security Officer accepts the risk of system failures
- C.
  
  The Security Officer reports to the Privacy Officer.
- D.
  
  The Security Officer is responsible for protection of business information assets.
24.

Governance involves ______
- A.
  
  The regulations that affect a company within a state or country
- B.
  
  The risk management processes and procedures within a company
- C.
  
  The organizational structure that includes standards, procedures and policies
- D.
  
  The organizational chart that describes who reports to whom as defined for a company
25.

Which of these Intellectual Property Law concepts is NOT a part of Contract Law?
- A.
  
  Commercial software
- B.
  
  Shareware
- C.
  
  Public domain
- D.
  
  Freeware