单选题 After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?
在对其组织进行定性风险评估后，Sally建议购买网络安全违约保险。她建议采取什么样的风险应对行为？

单选题 Which one of the following elements of information is not considered personally identifiable information that would trigger most United States （U.S.） state data breach laws?
以下哪项信息要素不被视为会触发大多数美国州数据违反法律的个人识别信息？

单选题 Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party’s copyright. What law governs the actions that Francine must take?
Francine是美国一家在线服务提供商的安全专家。她最近收到一位版权所有者的索赔，称用户在其服务上存储的信息侵犯了第三方的版权。弗朗辛必须采取什么样的行动？

单选题 Renee is speaking to her board of directors about their responsibilities to review cyberse-curity controls. What rule requires that senior executives take personal responsibility for information security matters?
Renee正在与董事会讨论他们审查网络安全控制的责任。什么规则要求高级管理人员对信息安全事项承担个人责任？

单选题 FlyAway Travel has offices in both the European Union （EU） and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminateD.Under the General Data Protection Regulation （GDPR）, which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?
FlyAway Travel在欧盟（EU）和美国都设有办事处，并定期在这些办事处之间传输个人信息。他们最近收到一位欧盟客户的请求，要求终止其账户。根据《一般数据保护条例》（GDPR），处理个人信息的哪项要求规定个人可以要求不再传播或处理其数据？

单选题 Gavin is creating a report to management on the results of his most recent risk assessment.In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?
Gavin正在就其最近的风险评估结果向管理层编制一份报告。在他的报告中，他希望确定在采取安全控制措施后对组织的剩余风险水平。什么术语最能描述当前的风险水平？

单选题 Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: “Advance and protect the profession.” Who may bring ethics charges against Henry for this violation?
亨利最近协助他的一位同事准备CISSP考试。在这一过程中，亨利披露了考试内容的机密信息，违反了《道德规范》第四章：“促进和保护职业”。谁会因为这一违反行为对亨利提起道德指控？

单选题 Alyssa is responsible for her organization’s security awareness program. She is concerned that changes in technology may make the content outdateD.What control can she put in place to protect against this risk?
Alyssa负责其组织的安全意识计划。她担心技术的变化可能会使内容过时。她可以采取什么控制措施来防范这种风险？