Information security is a process that protects all of the following except

Question # 00256381 Posted By: kimwood Updated on: 04/18/2016 09:03 AM Due on: 05/18/2016
Subject: Computer Science; Topic: General Computer Science
Question
Question 1. (TCO 1) Information security is a process that protects all of the following except _____. (Points : 5)
personal privacy
payroll integrity
service availability
readiness
hardware integrity

Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points : 5)
technologies, domains, families
controls, families, domains
domains, families, technologies
principles, domains, families
controls, domains, principles

Question 3. (TCO 2) What are the classes of security controls? (Points : 5)
Detection, prevention, and response
Management, technical, and operational
Administrative, technical, and physical
Administrative, technical, and procedural

Question 4. (TCO 3) Security policies, regardless of level, should ensure that _____ of assets is distinguished, _____ of people is maintained, and that _____ is managed because that is the enemy of security. (Points : 5)
sensitivity, separation of duties, technology
labels, responsibility, complexity
labels, accountability, technology
organization, accountability, complexity
sensitivity, separation of duties, complexity

Question 5. (TCO 4) Privacy legislation is written to protect _____. (Points : 5)
companies
managers
citizens
employees
All of the above

Question 6. (TCO 5) Ideas can be evaluated using _____, which are _____ that are not meant to be _____. (Points : 5)
models, controls, solutions
controls, abstractions, solutions
models, abstractions, solutions
solutions, controls, abstractions
models, controls, abstractions

Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)
closed-circuit television
a good security plan
an educated workforce
certified security staff
resources

Question 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job--no more and no less--is called _____. (Points : 5)
separation of duties
need to know
least privilege
minimal access
least common mechanism

Question 9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points : 5)
system files
application data
user access
networks supporting the IT infrastructure
the known good state

Question 10. (TCO 9) Access controls manage the use of _____ by _____ in an information system. (Points : 5)
files, people
information resources, programs
objects, subjects
computer time, people
computer cycles, applications

Question 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points : 5)
messages, identities
data, identities
data, signatures
data, messages
messages, signatures

Question 12. (TCO 10) In a given city, there is a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points : 5)
Internal certificate authority
Private extranet
Public VPN provider
IPSec tunnels
Utilize PGP

Question 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _____. (Points : 5)
packet-filtering router
circuit-level gateway
application-level gateway
stateful inspection firewall
bridge firewall

Question 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points : 5)
type a, type b
false positive, false negative
hardware, software
functional, assurance
performance, availability

Question 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies. (Points : 5)
System requirements
System design
Detailed design
Coding
Project inception

Question 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it. "People shall obey corporate policies." (Points : 15)

Question 2. (TCO 2) The three effects of security controls are prevention, detection, and recovery. Briefly explain how these effects are related to the known good state. (Points : 15)

Question 3. (TCO 3) Briefly explain the "principle" that states that security = risk management. (Points : 15)

Question 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points : 15)

Question 5. (TCO 5) Explain why the Bell-LaPadula model and the Biba model are called dual models. (Points : 15)

Question 6. (TCO 6) Briefly explain why good physical security is critical to good information security. (Points : 15)

Question 7. (TCO 7) Explain what media disposition means. (Points : 15)

Question 8. (TCO 8) Explain the term cold site. (Points : 15)

Question 1. (TCO 9) Explain the advantage of role-based access controls. (Points : 15)

Question 2. (TCO 10) Name the two uses of a private key in asymmetric cryptography. (Points : 15)

Question 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points : 15)

Question 4. (TCO 11) What is often another term for a bastion host? (Points : 15)

Question 5. (TCO 12) Explain why intrusion detection is necessary in terms of the known good state. (Points : 15)

Question 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)

Question 7. (TCO 13) Explain what a virus is, pointing out how it is different from a worm. (Points : 15)
