每日CISSP认证常错题（2022年4月22日）

CISSP认证常错题（源自铭学在线测试平台：https://www.maxstu.com/page/1773704）

【答案解析在题目之后】 

题目1
Q：以下哪个人会成为信息安全项目最高级的负责人？
Which one of the following individuals would be the most effectiveorganizational owner for an information security program?
A、持有CISSP认证的分析师
CISSP-certified analyst
B、首席信息官（CIO）
Chief information officer (CIO)
C、网络安全经理
Manager of network security
D、总裁和首席执行官（CEO）
President and CEO

题目2
Q：Beth是一名人力资源专家，准备协助解雇员工。以下哪项通常不是终止流程的一部分？
Beth is a human resources specialist preparing to assist in the termination ofan employee. Which of the following is not typically part of a terminationprocess?
A、离职访谈  
An exit interview
B、资产的复原
Recovery of property
C、账户终止       
Account termination
D、签署NCA
Signing an NCA

题目3
Q：Jeff想采用行业标准方法来评估其组织用来管理风险的流程。哪种成熟度模型最适合他的使用？
Jeff would like to adopt an industry-standard approach for assessing theprocesses his organization uses to manage risk. What maturity model would be mostappropriate for his use?
A、CMM
CMM
B、SW-CMM
SW-CMM
C、RMM
RMM
D、COBIT
COBIT
---------------

另有更多免费网安认证测试题和微信学习讨论群，可添加铭学在线小助手vx：maxstu_com，获取和加入。

---------------
题目1
答案：B
解析：信息安全计划的所有者可能不同于负责实施控制的人。此人应尽可能资深，能够专注于安全计划的管理。总裁兼CEO不是一个合适的选择，因为这个级别的高管不太可能有必要的时间专注于安全。在剩下的选择中，CIO是最高级的职位，他将成为在执行级别的最强有力倡导者。
The owner of information security programs may bedifferent from the individuals responsible for implementing the controls. Thisperson should be as senior an individual as possible who is able to focus onthe management of the security program. The president and CEO would not be anappropriate choice because an executive at this level is unlikely to have thetime necessary to focus on security. Of the remaining choices, the CIO is themost senior position who would be the strongest advocate at the executivelevel.

题目2
答案：D
解析：通常在招聘时签署竞业禁止或保密协议。离职面谈、组织财产的恢复和帐户终止都是终止流程的常见要素。在离职面谈期间，团队可以选择审查仍然有效的雇佣协议和策略，例如竞业禁止或保密协议。
Signing a noncompete or nondisclosure agreement istypically done at hiring. Exit interviews, recovery of organizational property,and account termination are all common elements of a termination process.During the exit interview, the team may choose to review employment agreementsand policies that remain in force, such as a noncompete or nondisclosureagreement.

题目3
答案：C
解析：风险成熟度模型（RMM）专为评估企业风险管理计划而设计。可以想象，Jeff可以使用更通用的能力成熟度模型 (CMM)，但这不太合适。软件能力成熟度模型 (SW-CMM) 旨在评估开发项目，而不是风险管理工作。信息技术控制目标（COBIT）是一组安全控制目标，而不是成熟度模型。
The Risk Maturity Model (RMM) is specifically designedfor the purpose of assessing enterprise risk management programs. Jeff couldconceivably use the more generic capability maturity model (CMM), but thiswould not be as good of a fit. The software capability maturity model (SW-CMM)is designed for assessing development projects, not risk management efforts.The Control Objectives for Information Technology (COBIT) are a set of securitycontrol objectives and not a maturity model.