• Question 28 In an organization, which of the following roles is responsible for the day-to-day
maintenance of data?
• Question 29 The basic elements of motivation include pride, success, and __________.
• Question 30 In Kotter's change model, in which step does the ISO work with line management
to collect metrics for assessing the policies' effectiveness and ensure metrics are meaningful?
• Question 31 Which personality type tends to be associated with good leaders?
• Question 32 Which of the following is not true of auditors?
• Question 33 To which sector does HIPAA apply primarily?
• Question 34 Which compliance law concept states that individuals should know what
information about them is being collected and should be told how that information is being
used?
• Question 35 Which of the following is not true of the Sarbanes-Oxley Act?
• Question 36 Which of the following is not a key component that must be covered in an
organization's security policy for CIPA compliance?
• Question 37 Which law was challenged by the American Library Association and the
American Civil Liberties Union claiming it violated free speech rights of adults?
• Question 38 Which law applies to educational institutions and protects students' records?
• Question 39 Which of the following focuses on the payment card industry?
• Question 40 Which of the following generally merits a change to a security policy that should
be reviewed by a policy change board?
• Question 41 What is a potential disadvantage of using consecutive numbers in a policy
library?
• Question 42 Antivirus systems, cryptographic systems, and firewalls are examples of which
type of security control?
• Question 43 Which of the following is not a valid reason for using a taxonomy to organize an
IT policy library?
• Question 44 Which of the following is generally not an objective of a security policy change
board?