CISSP Practice question #99

We have had a major security breach, one of our honeypots was used for a downstream attack on a rival business, the competitor has lost over $200,000 in revenue. Who is ultimately liable.
A: The IT security team.
B: Middle management.
C: Whomever deployed the honeypot.
D: Senior management.

CBK 1: Security and Risk Management
Source: practice tests


D: C-Level executives (senior leadership) are ultimately liable, this does not mean anyone else is not liable, if other people involved did not perform due care and due diligence they may be liable as well, but the questions was ultimately liable.

show less

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et. Al.

You may also like


    1. Senior management is always “Ultimately” liable, they are responsible for what the company does (or does not do), you may still be liable, but the keyword here is ultimately.
      Equifax CEO was responsible for the breach, even if it was someone below that level who chose to not patch.

Leave a Reply