Exam 6: Security Management Models
Controls that discourage an incipient incident are called ____.
(Multiple Choice)
One of the criticisms of the ISO/IEC 17799 standard was that it was not as ____________________ as other frameworks.
(Short Answer)
Controls that are tied to the position assigned to and performed by an individual user in the organization are called ____.
(Multiple Choice)
TCSEC is a U.S. DoD standard that is also known as the Red Book, because of its color-coding. _________________________
(True/False)
Preventative controls discourage or deter an incipient incident.
(True/False)
Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data in the outside world.
(True/False)
____________________ controls restore operating conditions back to normal.
(Short Answer)
An ATM machine is a common example of a(n) constrained user interface form of access control. _________________________
(True/False)
In the TCSEC, the reference monitor is the combination of all hardware, firmware, and software responsible for enforcing the security policy.
(True/False)
Under the TCSEC model, the term ____ refers to the rules of configuration for a system, rather than a managerial guidance document.
(Multiple Choice)
Within the TCB is a conceptual object known as the ____________________, which is the piece of the system that manages access controls; in other words, it mediates all access to objects by subjects.
(Short Answer)
Controls that help an organization avoid an incident are called ____.
(Multiple Choice)
Another data classification scheme is the personnel security clearance structure, in which each user of an information asset is assigned an authorization level that identifies the level of information classification he or she can access. _________________________
(True/False)
What are the two primary properties of the Bell-LaPadula model and what do they restrict?
(Essay)
In the ____________________ confidentiality model, rules prevent information from being moved from a level of higher security to a level of lower security.
(Short Answer)
The COBIT model categorizes control objectives into four domains. List them.
(Essay)
____ access controls are implemented at the option of the data user.
(Multiple Choice)
The cornerstone of the ISO/IEC 27001 standard is a set of processes known as the ____ cycle.
(Multiple Choice)
Role-based controls are tied to the role that a particular user performs in an organization, whereas content-based controls are tied to a particular assignment or responsibility.
(True/False)
____ provides a library of Special Publications that includes Generally Accepted Principles and Practices for Securing IT Systems.
(Multiple Choice)
Showing 101 - 120 of 120