1. Which of the following describes the first step in establishing an encrypted
Question
1.
Which of the following describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key?
A. Key clustering
B. Key compression
C. Key signing
D. Key exchange
2.
When an employee transfers within an organization …
A. The employee must undergo a new security review.
B. The old system IDs must be disabled.
C. All access permission should be reviewed.
D. The employee must turn in all access devices.
3.
Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?
A. Discretionary Access Control
B. Task-initiated Access Control
C. Subject-dependent Access Control
D. Token-oriented Access Control
4.
As an information systems security manager (ISSM), how would you explain the purpose for a system security policy?
A. A definition of the particular settings that have been determined to provide optimum security
B. A brief, high-level statement defining what is and is not permitted during the operation of the system
C. A definition of those items that must be excluded on the system
D. A listing of tools and applications that will be used to protect the system
5.
Configuration management provides assurance that changes…?
A. to application software cannot bypass system security features.
B. do not adversely affect implementation of the security policy.
C. to the operating system are always subjected to independent validation and verification.
D. in technical documentation maintain an accurate description of the Trusted Computer Base.
6.
In what type of cryptanalytic attack does an adversary have the least amount of information to work with?
A. Known-plaintext
B. Ciphertext-only
C. Plaintext-only
D. Chosen-ciphertext
7.
Prior to installation of an intrusion prevention system (IPS), a network engineer would place a packet sniffer on the network. What is the purpose of using a packet sniffer?
A. It tracks network connections.
B. It monitors network traffic.
C. It scans network segments for cabling faults.
D. It detects illegal packets on the network.
8.
What determines the assignment of data classifications in a mandatory access control (MAC) philosophy?
A. The analysis of the users in conjunction with the audit department
B. The assessment by the information security department
C. The user’s evaluation of a particular information element
D. The organization’s published security policy for data classification
9.
An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle?
A. Discretionary Access
B. Least Privilege
C. Mandatory Access
D. Separation of Duties
10.
Which of the following is the primary goal of a security awareness program?
A. It provides a vehicle for communicating security procedures.
B. It provides a clear understanding of potential risk and exposure.
C. It provides a forum for disclosing exposure and risk analysis.
D. It provides a forum to communicate user responsibilities.
SUBJECT : DATA AND SYSTEM SECURITY
Explanation / Answer
1) Answer is D. Key exchange
Key exchange describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key.
2) Answer is C. All access permission should be reviewed.
When an employee transfers within an organization, "All access permission should be reviewed".
3) Answer is A. Discretionary Access Control
The rule-based access control mechanism that Company X is planning to implement for controlling access to its information assets is usually related to "Discretionary Access Control".
4) Answer is B. A brief, high-level statement defining what is and is not permitted during the operation of the system
The purpose of a system security policy, as an information systems security manager (ISSM) would explain it, is "A brief, high-level statement defining what is and is not permitted during the operation of the system".
5) Answer is B. do not adversely affect implementation of the security policy.
Configuration management provides assurance that changes "do not adversely affect implementation of the security policy".
6) Answer is B. Ciphertext-only
"Ciphertext-only" is the type of cryptanalytic attack where an adversary has the least amount of information to work with.
7) Answer is B. It monitors network traffic.
Prior to installation of an intrusion prevention system (IPS), a network engineer would place a packet sniffer on the network; the purpose of using a packet sniffer is that "It monitors network traffic".
8) Answer is D. The organization’s published security policy for data classification
"The organization’s published security policy for data classification" determines the assignment of data classifications in a mandatory access control (MAC) philosophy.
9) Answer is B. Least Privilege
An access control system that grants users only those rights necessary for them to perform their work is operating on the security principle of "Least Privilege".
10) Answer is B. It provides a clear understanding of potential risk and exposure.
"It provides a clear understanding of potential risk and exposure" is the primary goal of a security awareness program.