16 Chapter 1 ■ Security and Risk Management (Domain 1)
- Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs?
A. ITIL
B. ISO 27002
C. CMM
D. PMBOK Guide

- Which one of the following laws requires that communications service providers cooperate with law enforcement requests?
A. ECPA
B. CALEA
C. Privacy Act
D. HITECH Act

- Every year, Gary receives privacy notices in the mail from financial institutions where he has accounts. What law requires the institutions to send Gary these notices?
A. FERPA
B. GLBA
C. HIPAA
D. HITECH

- Which one of the following agreements typically requires that a vendor not disclose confidential information learned during the scope of an engagement?
A. NCA
B. SLA
C. NDA
D. RTO

- Which one of the following is not an example of a technical control?
A. Router ACL
B. Firewall rule
C. Encryption
D. Data classification