1. (TCO 1) Which of the following should not be the basis for security policy? (
Question
1. (TCO 1) Which of the following should not be the basis for security policy? (Points : 5)
Legislation
Corporate directives
Corporate needs
Vendor documentation
Situation awareness reporting

2. (TCO 2) The 10 IISSCC _____ cover 17 NIST control _____ which are arranged in three _____ called management, operational, and technical. (Points : 5)
controls, domains, principles
domains, families, classes
principles, domains, families
domains, families, technologies
technologies, domains, families

3. (TCO 2) What are the effects of security controls? (Points : 5)
Confidentiality, integrity, and availability
Administrative, physical, and operational
Detection, prevention, and response
Management, operational, and technical

4. (TCO 3) Security management should ensure that policies established for information security distinguish the _____ of assets, organize people by _____, and manage _____ because that is the enemy of security. (Points : 5)
people, separation of duties, technology
sensitivity, separation of duties, complexity
technologies, importance, people
taxonomy, separation of duties, complexity
labels, accounts, complexity

5. (TCO 4) "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____. (Points : 5)
law
code of ethics
corporate policy
fair information practices statement
Any of the above

6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points : 5)
criteria, models, solutions
controls, abstractions, solutions
solutions, abstractions, models
models, abstractions, solutions
models, controls, solutions

7. (TCO 6) Physical security controls traditionally include obstacles, alarms, lights, guards, cameras, and responders that produce a(n) _____. (Points : 5)
sense of security
defense-in-depth
protective shield
entrance barrier
secure facility

8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job--no more and no less--is called _____. (Points : 5)
separation of duties
need to know
least privilege
minimal access
least common mechanism

9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points : 5)
system files
application data
user access
networks supporting the IT infrastructure
the known good state

10. (TCO 9) Mandatory access control uses labels and rules to mediate access to _____ by _____. (Points : 5)
objects, subjects
files, people
computer cycles, applications
information assets, people
information assets, network devices

11. (TCO 10) In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography. (Points : 5)
signatures, messages
messages, data
hash totals, messages
messages, hash totals
data, messages

12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points : 5)
Use symmetric keys
Issue smart cards
Implement SSL
Use IPSec
Set up VPN connections

13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)
Layer 1
Layer 2
Layer 3
Layer 4/7
applications

14. (TCO 12) A good intrusion detection system will have all of the characteristics of the _____ model and will be flexible enough to adapt to new _____. (Points : 5)
Bell LaPadula, mandatory access control
reference monitor, vulnerabilities
Biba, vulnerabilities
OSI, loss of availability
reference monitor, loss of availability

15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies. (Points : 5)
System requirements
System design
Detailed design
Coding
Project inception
Explanation / Answer
1. Which of the following should not be the basis for security policy?
A description of specific technologies used in the field of information security.
Ans: So, Situation awareness reporting.
2. The 10 IISSCC _____ cover 17 NIST control _____ which are arranged in three _____ called management, operational, and technical.
Ans: domains, families, classes
3. What are the effects of security controls?
The environment that must be protected through physical security controls includes all personnel, equipment, data, communication devices, power supplies, and wiring.
Ans: So, Confidentiality, integrity, and availability
4. Security management should ensure that policies established for information security distinguish the _____ of assets, organize people by _____, and manage _____ because that is the enemy of security.
Ans: taxonomy, separation of duties, complexity
5. "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____.
Ans: Any of the above, because it states that an individual may correct information in his or her records.
6. Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____.
Ans: models, abstractions, solutions
7. Physical security controls traditionally include obstacles, alarms, lights, guards, cameras, and responders that produce a(n) _____.
Ans: secure facility
8. The security principle that says that each user should have access to exactly the information resources needed to do his/her job--no more and no less--is called _____.
Ans: separation of duties
9. Security recovery strategies should always seek to restore _____.
Ans: application data
10. Mandatory access control uses labels and rules to mediate access to _____ by _____.
Ans: information assets, network devices
11. In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography.
Ans: data, messages
12. A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do?
Ans: Implement SSL, which can be used for secure online transactions.
13. A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers.
Ans: Layer 3
14. A good intrusion detection system will have all of the characteristics of the _____ model and will be flexible enough to adapt to new _____.
Ans: reference monitor, loss of availability
15. Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies.
Ans: Detailed design; business stakeholders and project team members should refer to company information security policies.
--------------------------------------------------------------------
Thank you, hope the information helps you.