Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Rajib
Viewer
‎08-30-2023 03:03 AM
‎08-30-2023 03:03 AM

Need clarification on Chapter 1: Security Principles Quiz for Certified in Cyber Security

  1. Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh's company operates; the law conflicts with the company's policies. Which governance element should Lankesh's company follow??(D1, L1.4.2) 

 

A) The Law

B) The Policy? 

C) Any procedures the company has created for the? particular activities? affected by the law

D) Lankesh should be allowed to use personal and professional judgment to make the determination of how to proceed??(my answer)

This is incorrect because laws cannot be violated. ??  Which one is the answer then?

=======================================

 

  • Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission.? 

    According to the (ISC)2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation??(D1, L1.5.1) 

     

A)The governments of the countries where the company operates?

B)The company Kristal works for?(my answer)

C) The Users?

D) (ISC)2?

This is incorrect because the company is represented by the third Canon ("principals"), which is subservient to the first Canon.  

Which one is the answer then?

==========================================

  • While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do??(D1, L1.5.1) 

A) Nothing—each person is responsible for their own actions.

B) Yell at the other candidate for violating test security.? 

C) Report the candidate to (ISC)2

D) Call local law enforcement

This is incorrect, because members are expected to uphold the standard, including among other members. 

Which one is the answer then?

Reply
5 Replies
Mohy
Newcomer I
‎08-30-2023 08:24 AM
‎08-30-2023 08:24 AM

Quiz 1: A) is correct, becuase you cannot violated the laws.

Quiz 2: C) is coorect, according to the code of hierarchy the Users is more impotant. Check the 1st canon : society, the common good, and public.

Quiz 3: C) Report the candidate to (ISC)2. Check the Canon Code of Ethic

Lordmohi
Reply
ericgeater
Community Champion
‎08-30-2023 08:48 AM
‎08-30-2023 08:48 AM

Answering as myself:

 

Over and over again, you'll hear about governance.  That could be a law, or a regulation, or an adopted code of ethics... or at least a company policy.  And the IT security in that company should align itself to the business objectives, which means that IT should inexorably follow some form of governance.

 

The ISC2 Code of Ethics says you should "Act honorably, honestly, justly, responsibly, and legally", so since law is the highest governance there is, I would choose (A) for Question 1

 

But if a company conspires with a government to do subversive things above the law (like in Question 2), you cannot "Protect society, the common good, necessary public trust and confidence, and the infrastructure," as stated in the Code of Ethics if you choose to support these illegal acts.  The answer is (C).

 

I didn't see your answer for the third question.  I would answer (C) because the exam proctors and ISC2 review both the results of an exam, and the behaviors of exam takers, during their post-exam evaluation.  Your observation may lend weight to their review.

 

edit: @Mohy had a more succinct answer than me.  Good job!

-----------
A claim is as good as its veracity.
Reply
JoePete
Advocate I
‎08-31-2023 07:16 AM
‎08-31-2023 07:16 AM

@ericgeater wrote:

 

Over and over again, you'll hear about governance.  That could be a law, or a regulation, or an adopted code of ethics... or at least a company policy.  And the IT security in that company should align itself to the business objectives, which means that IT should inexorably follow some form of governance.

Well stated. Of course, if the question's implication is that a security engineer should unilaterally violate existing company policy due to the engineer's interpretation of a new law, that's not good governance either. Policy is in the hands of company ownership (e.g., board of directors). Maybe the intent was just to insert Lankesh as a red herring (the question does ask what should the company do - not what should the engineer do), but as you note, we hear "governance" a lot these days. It remains poorly understood as a concept and even more poorly applied as a practice. Authority flows from top to bottom - each level authorizing the action at the next level. Accountability flows from the bottom up, each level having to be responsive to the one above it.

Reply
JUNIOR
Newcomer I
‎09-01-2023 05:32 AM
‎09-01-2023 05:32 AM

1 A THE LAW
2 C THE USERS
3C REPORT THE CANDIDATE TO ISC2
Reply
Mramadan
Viewer II
‎09-14-2023 03:12 AM
‎09-14-2023 03:12 AM

https://quizlet.com/784216194/isc2-practice-exam-3-flash-cards/

 

this link will be very helpful and have all Qs

Reply