Question 1. (TCO 1) Information security is a process that protects all of the following except _____. (Points: 5)
personal privacy
payroll integrity
service availability
readiness
hardware integrity
Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points: 5)
technologies, domains, families
controls, families, domains
domains, families, technologies
principles, domains, families
controls, domains, principles
Question 3. (TCO 2) What are the classes of security controls? (Points: 5)
Detection, prevention, and response
Management, technical, and operational
Administrative, technical, and physical
Administrative, technical, and procedural
Question 4. (TCO 3) Security policies, regardless of level, should ensure that _____ of assets is distinguished, _____ of people is maintained, and that _____ is managed because that is the enemy of security. (Points: 5)
sensitivity, separation of duties, technology
labels, responsibility, complexity
labels, accountability, technology
organization, accountability, complexity
sensitivity, separation of duties, complexity
Question 5. (TCO 4) Privacy legislation is written to protect _____. (Points: 5)
companies
managers
citizens
employees
All of the above
Question 6. (TCO 5) Ideas can be evaluated using _____, which are _____ that are not meant to be _____. (Points: 5)
models, controls, solutions
controls, abstractions, solutions
models, abstractions, solutions
solutions, controls, abstractions
models, controls, abstractions
Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points: 5)
closed-circuit television
a good security plan
an educated workforce
certified security staff
resources
Question 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job, no more and no less, is called _____. (Points: 5)
separation of duties
need to know
least privilege
minimal access
least common mechanism
Question 9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points: 5)
system files
application data
user access
networks supporting the IT infrastructure
the known good state
Question 10. (TCO 9) Access controls manage the use of _____ by _____ in an information system. (Points: 5)
files, people
information resources, programs
objects, subjects
computer time, people
computer cycles, applications
Question 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____ and asymmetric cryptography is used to encrypt _____. (Points: 5)
messages, identities
data, identities
data, signatures
data, messages
messages, signatures
Question 12. (TCO 10) In a given city there is a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points: 5)
Internal certificate authority
Private extranet
Public VPN provider
IPSec tunnels
Utilize PGP
Question 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _____. (Points: 5)
packet-filtering router
circuit-level gateway
application-level gateway
stateful inspection firewall
bridge firewall
Question 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points: 5)
type a, type b
false positive, false negative
hardware, software
functional, assurance
performance, availability
Question 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies. (Points: 5)
System requirements
System design
Detailed design
Coding
Project inception
Question 1. (TCO 1) Explain what is wrong with this policy clause and show how you could fix it: "People shall obey corporate policies." (Points: 15)
Question 2. (TCO 2) The three effects of security controls are prevention, detection, and recovery. Briefly explain how these effects are related to the known good state. (Points: 15)
Question 3. (TCO 3) Briefly explain the principle that states that security = risk management. (Points: 15)
Question 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points: 15)
Question 5. (TCO 5) Explain why the Bell-LaPadula model and the Biba model are called dual models. (Points: 15)
Question 6. (TCO 6) Briefly explain why good physical security is critical to good information security. (Points: 15)
Question 7. (TCO 7) Explain what media disposition means. (Points: 15)
Question 8. (TCO 8) Explain the term cold site. (Points: 15)
Question 1. (TCO 9) Explain the advantage of role-based access controls. (Points: 15)
Question 2. (TCO 10) Name the two uses of a private key in asymmetric cryptography. (Points: 15)
Question 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points: 15)
Question 4. (TCO 11) What is often another term for a bastion host? (Points: 15)
Question 5. (TCO 12) Explain why intrusion detection is necessary in terms of the known good state. (Points: 15)
Question 6. (TCO 12) Summarize the benefits of application-level gateways. (Points: 15)
Question 7. (TCO 13) Explain what a virus is, pointing out how it is different from a worm. (Points: 15)