CO 1) Which of the following should not be the basis for security policy?

CO 1) Which of the following should not be the basis for security policy? (Points : 5)

       Legislation
       Corporate directives
       Corporate needs
       Vendor documentation
       Situation awareness reporting 

Question 2.2. (TCO 2) The IISSCC divides controls into 10 _____, while NIST organizes controls into three _____ and 17 _____. (Points : 5)

       domains, classes, families
       domains, controls, families
       families, controls, classes
       domains, families, classes
       controls, domains, families 

Question 3.3. (TCO 2) What are the pillars of security? (Points : 5)

       Confidentiality, integrity, and availability
       Detection, prevention, and recovery
       People, process, and technology
       Administration, technology, and operation 

Question 4.4. (TCO 3) Security management should ensure that policies established for information security distinguish the _____ of assets, organize people by _____, and manage _____ because that is the enemy of security. (Points : 5)

       people, separation of duties, technology
       sensitivity, separation of duties, complexity
       technologies, importance, people
       taxonomy, separation of duties, complexity
       labels, accounts, complexity 

Question 5.5. (TCO 4) "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____. (Points : 5)

       law
       code of ethics
       corporate policy
       fair information practices statement
       Any of the above 

Question 6.6. (TCO 5) Security models are _____ that are used to _____ ideas, and are not meant to be _____. (Points : 5)

       solutions, implement, abstractions
       abstractions, evaluate, solutions
       abstractions, implement, solutions
       solutions, document, abstractions
       documents, implement, solutions 

Question 7.7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

       closed-circuit television
       a good security plan
       an educated workforce
       certified security staff
       resources 

Question 8.8. (TCO 7) The mission of the security operations center might best be described as _____. (Points : 5)

       continuous monitoring
       maintaining the known good state
       policy enforcement
       reporting to management
       configuration management 

Question 9.9. (TCO 8) Alternate sites used in disaster recovery would normally not include which of the following? (Points : 5)

       Hot site
       Cold site
       Warm site
       Shared site
       Alternate site 

Question 10.10. (TCO 9) Mandatory access control uses labels and rules to mediate access to _____ by _____. (Points : 5)

       objects, subjects
       files, people
       computer cycles, applications
       information assets, people
       information assets, network devices 

Question 11.11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points : 5)

       messages, identities
       data, identities
       data, signatures
       data, messages
       messages, signatures 

Question 12.12. (TCO 10) In a given city, there are a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points : 5)

       Internal certificate authority
       Private extranet
       Public VPN provider
       IPSec tunnels
       Utilize PGP

Question 13.13. (TCO 11) A bastion host can be used as an application-level gateway or a circuit-level gateway (or both) because it implements application-specific _____. (Points : 5)

       software
       proxy
       hardware
       encryption
       models 

Question 14.14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points : 5)

       type a, type b
       false positive, false negative
       hardware, software
       functional, assurance
       performance, availability 

Question 15.15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, expect for which one?(Points : 5)

       Improved performance
       Increased availability
       Greater versatility
       Efficient business models
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply