Exam 8: Security Management Models
Exam 1: Introduction to the Management of Information Security63 Questions
Exam 2: Compliance: Law and Ethics50 Questions
Exam 3: Governance and Strategic Planning for Security52 Questions
Exam 4: Information Security Policy56 Questions
Exam 5: Developing the Security Program55 Questions
Exam 6: Risk Management: Identifying and Assessing Risk60 Questions
Exam 7: Risk Management: Controlling Risk60 Questions
Exam 8: Security Management Models60 Questions
Exam 9: Security Management Practices59 Questions
Exam 10: Planning for Contingencies60 Questions
Exam 11: Personnel and Security60 Questions
Exam 12: Protection Mechanisms61 Questions
The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. ____________
(True/False)
Correct Answer:
False
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?
(Multiple Choice)
Correct Answer:
C
One of the TCSEC's covert channels, which communicate by modifying a stored object.
(Multiple Choice)
Correct Answer:
G
Which of the following is NOT a change control principle of the Clark-Wilson model?
(Multiple Choice)
Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.
(True/False)
To design a security program, an organization can use a(n) ____________________, which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.
(Short Answer)
What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?
(Essay)
Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?
(Multiple Choice)
Lattice-based access control specifies the level of access each subject has to each object, if any.
(True/False)
Controls access to a specific set of information based on its content.
(Multiple Choice)
Controls implemented at the discretion or option of the data user.
(Multiple Choice)
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.
(Short Answer)
A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.
(Multiple Choice)
In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a blueprint. ____________
(True/False)
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?
(Multiple Choice)
In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user). ____________
(True/False)
Within TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.
(Multiple Choice)
Which piece of the Trusted Computing Base's security system manages access controls?
(Multiple Choice)
Lattice-based access controls use a two-dimensional matrix to assign authorizations. What are the two dimensions, and what are they called?
(Essay)