Question 1

The principle of limiting users' access privileges to the specific informationrequired to perform their assigned tasks is known asneed-to-know.____________

Accepted Answer

A) True 
 B)False

Question 2

A time-release safe is an example of which type of access control?

Accepted Answer

A)  content-dependent 
B)  constrained user interface 
C)  temporal isolation 
D)  nondiscretionary 
A)  content-dependent 
B)  constrained user interface 
C)  temporal isolation 
D)  nondiscretionary

Question 3

Under the Clark-Wilson model,internal consistency means that the system is consistent with similar data in the outside world.

Accepted Answer

A) True 
 B)False

Question 4

The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

Accepted Answer

A)  Control environment 
B)  Risk assessment 
C)  Control activities 
D)  InfoSec Governance 
A)  Control environment 
B)  Risk assessment 
C)  Control activities 
D)  InfoSec Governance

Question 5

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

Accepted Answer

A)  Bell-LaPadula 
B)  TCSEC 
C)  ITSEC 
D)  Common Criteria 
A)  Bell-LaPadula 
B)  TCSEC 
C)  ITSEC 
D)  Common Criteria

Question 6

In which form of access control is access to a specific set of information contingent on its subject matter?

Accepted Answer

A)  content-dependent access controls 
B)  constrained user interfaces 
C)  temporal isolation 
D)  None of these 
A)  content-dependent access controls 
B)  constrained user interfaces 
C)  temporal isolation 
D)  None of these

Question 7

Under the Common Criteria,which term describes the user-generated specifications for security requirements?

Accepted Answer

A)  Target of Evaluation (To
E)  
B)  Protection Profile (PP) 
C)  Security Target (ST) 
D)  Security Functional Requirements (SFRs) 
A)  Target of Evaluation (To
E)  
B)  Protection Profile (PP) 
C)  Security Target (ST) 
D)  Security Functional Requirements (SFRs)

Question 8

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

Accepted Answer

A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties 
A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties

Question 9

In information security,a framework or security model customized to anorganization,including implementation details is known as afloorplan._____________

Accepted Answer

A) True 
 B)False

Question 10

Access is granted based on a set of rules specified by the central authority.

Accepted Answer

A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB 
A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB

Question 11

In the COSO framework,___________ activities include those policies and procedures that support management directives.

Accepted Answer

The answer of In the COSO framework,___________ activities include those...

Question 12

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

Accepted Answer

A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties 
A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties

Question 13

ISO/IEC 27001 provides implementation detailson how to implement ISO/IEC 27002 and how to set up a(n)____________________.

Accepted Answer

informatio

Question 14

Dumpster delvingis an information attack that involves searching through a target organization'strash and recycling bins for sensitive information.____________

Accepted Answer

A) True 
 B)False

Question 15

One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization.What are these categories as described by NIST?

Accepted Answer

Management Operation

Question 16

What is the data classification for information deemed to be National Security Information for the U.S.military as specified in 2009 in Executive Order 13526?

Accepted Answer

​ For most information,the U.S.military

Question 17

A person'ssecurity clearance is a personnel security structure in which each user of an information asset isassigned an authorization level that identifies the level of classified information he or she iscleared to access.____________

Accepted Answer

A) True 
 B)False

Question 18

A security blueprint is the outline of the more thorough security framework.

Accepted Answer

A) True 
 B)False

Question 19

Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.

Accepted Answer

A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB 
A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB

Question 20

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

Accepted Answer

A) True 
 B)False

The principle of limiting users' access privileges to the specific informationrequired to perform their assigned tasks is known asneed-to-know.____________

A time-release safe is an example of which type of access control?

Under the Clark-Wilson model,internal consistency means that the system is consistent with similar data in the outside world.

The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

In which form of access control is access to a specific set of information contingent on its subject matter?

Under the Common Criteria,which term describes the user-generated specifications for security requirements?

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

In information security,a framework or security model customized to anorganization,including implementation details is known as afloorplan._____________

Access is granted based on a set of rules specified by the central authority.

In the COSO framework,___________ activities include those policies and procedures that support management directives.

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

ISO/IEC 27001 provides implementation detailson how to implement ISO/IEC 27002 and how to set up a(n)____________________.

Dumpster delvingis an information attack that involves searching through a target organization'strash and recycling bins for sensitive information.____________

One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization.What are these categories as described by NIST?

What is the data classification for information deemed to be National Security Information for the U.S.military as specified in 2009 in Executive Order 13526?

A person'ssecurity clearance is a personnel security structure in which each user of an information asset isassigned an authorization level that identifies the level of classified information he or she iscleared to access.____________

A security blueprint is the outline of the more thorough security framework.

Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 8: Security Management Models

The principle of limiting users' access privileges to the specific informationrequired to perform their assigned tasks is known asneed-to-know.____________

A time-release safe is an example of which type of access control?

Under the Clark-Wilson model,internal consistency means that the system is consistent with similar data in the outside world.

The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

In which form of access control is access to a specific set of information contingent on its subject matter?

Under the Common Criteria,which term describes the user-generated specifications for security requirements?

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

In information security,a framework or security model customized to anorganization,including implementation details is known as afloorplan._____________

Access is granted based on a set of rules specified by the central authority.

In the COSO framework,___________ activities include those policies and procedures that support management directives.

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

ISO/IEC 27001 provides implementation detailson how to implement ISO/IEC 27002 and how to set up a(n)____________________.

Dumpster delvingis an information attack that involves searching through a target organization'strash and recycling bins for sensitive information.____________

One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization.What are these categories as described by NIST?

What is the data classification for information deemed to be National Security Information for the U.S.military as specified in 2009 in Executive Order 13526?

A person'ssecurity clearance is a personnel security structure in which each user of an information asset isassigned an authorization level that identifies the level of classified information he or she iscleared to access.____________

A security blueprint is the outline of the more thorough security framework.

Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters