CSPM CSPM Security Governance & Leadership

Question 1

In security project management, which governance document defines the acceptable use of organizational IT resources by employees?

Accepted Answer

Acceptable Use Policy (AUP)

Answer

Incident response plan

Answer

Business continuity plan

Answer

System security plan

Question 2

Which role in a security governance structure is ultimately accountable for accepting residual risk on behalf of the organization?

Accepted Answer

Authorizing Official (AO)

Answer

Chief Information Security Officer (CISO)

Answer

Security project manager

Answer

System owner

Question 3

A security governance framework ensures strategic alignment by linking security objectives to:

Accepted Answer

Overall business goals and mission objectives

Answer

Individual employee performance reviews

Answer

Vendor contract terms and SLAs

Answer

Technical patch management schedules

Question 4

What is the primary function of a security steering committee in a large organization?

Accepted Answer

Providing executive oversight and strategic direction for the security program

Answer

Performing hands-on penetration testing

Answer

Writing detailed technical security policies

Answer

Managing day-to-day incident response activities

Question 5

The concept of 'separation of duties' in security governance is primarily designed to:

Accepted Answer

Prevent fraud and errors by ensuring no single person controls an entire process

Answer

Reduce employee workload by dividing tasks

Answer

Speed up security project delivery timelines

Answer

Satisfy PCI-DSS network segmentation requirements

Question 6

Which security governance principle requires that users be granted only the minimum access rights necessary to perform their job functions?

Accepted Answer

Least privilege

Answer

Need-to-know

Answer

Defense in depth

Answer

Due diligence