PrepAway - Latest Free Exam Questions & Answers

Which of the following would NOT violate the Due Diligence concept?

A. Security policy being outdated

B. Data owners not laying out the foundation of data protection

C. Network administrator not taking mandatory two-week vacation as planned

D. Latest security patches for servers being installed as per the Patch Management process

Explanation:
Due diligence is the act of gathering the necessary information so the best decision-making activities can take
place. Before a company purchases another company, it should carry out due diligence activities so that the
purchasing company does not have any “surprises” down the road. The purchasing company should investigate
all relevant aspects of the past, present, and predictable future of the business of the target company. If this
does not take place and the purchase of the new company hurts the original company financially or legally, the
decision makers could be found liable (responsible) and negligent by the shareholders.
In information security, similar data gathering should take place so that there are no “surprises” down the road
and the risks are fully understood before they are accepted.
Latest security patches for servers being installed as per the Patch Management process is a good security
measure that should take place. This measure would not violate Due Diligence.
Incorrect Answers:
A: Security policy being outdated is a security risk that would violate due diligence.
B: Data owners not laying out the foundation of data protection is a security risk that would violate due
diligence.
C: A network administrator not taking mandatory two-week vacation as planned is a security risk that
would violate due diligence.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 1023

