Question 1

Access controls are build on three key principles.List and briefly define them.

Accepted Answer

Least privilege: The principle by which

Question 2

When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?

Accepted Answer

When copies of classified information ar

Question 3

Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information?

Accepted Answer

A)  confidential 
B)  secret 
C)  top secret 
D)  for official use only 
A)  confidential 
B)  secret 
C)  top secret 
D)  for official use only

Question 4

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Accepted Answer

need to kn

Question 5

Which type of access controls can be role-based or task-based?

Accepted Answer

A)  constrained 
B)  content-dependent 
C)  nondiscretionary 
D)  discretionary 
A)  constrained 
B)  content-dependent 
C)  nondiscretionary 
D)  discretionary

Question 6

Which of the following specifies the authorization classification of information asset an individual user is permitted to access,subject to the need-to-know principle?

Accepted Answer

A)  Discretionary access controls 
B)  Task-based access controls 
C)  Security clearances 
D)  Sensitivity levels 
A)  Discretionary access controls 
B)  Task-based access controls 
C)  Security clearances 
D)  Sensitivity levels

Question 7

What are the two primary access modes of the Bell-LaPadula model and what do they restrict?

Accepted Answer

BLP access modes can be one of two types

Question 8

The data access principle that ensures no unnecessary access to data exists byregulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.____________

Accepted Answer

A) True 
 B)False

Question 9

Under what circumstances should access controls be centralized vs.decentralized?

Accepted Answer

One area of discussion among practitione

Question 10

There are seven access controls methodologies categorized by their inherent characteristics.List and briefly define them.

Accepted Answer

​ • Directive-Employs administrative con

Question 11

Which of the following is NOT a category of access control?

Accepted Answer

A)  preventative 
B)  mitigating 
C)  deterrent 
D)  compensating 
A)  preventative 
B)  mitigating 
C)  deterrent 
D)  compensating

Question 12

According to COSO,internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?

Accepted Answer

Effectiveness and efficiency o

Question 13

Which of the following is the primary purpose of ISO/IEC 27001:2005?

Accepted Answer

A)  Use within an organization to formulate security requirements and objectives 
B)  Implementation of business-enabling information security 
C)  Use within an organization to ensure compliance with laws and regulations 
D)  To enable organizations that adopt it to obtain certification 
A)  Use within an organization to formulate security requirements and objectives 
B)  Implementation of business-enabling information security 
C)  Use within an organization to ensure compliance with laws and regulations 
D)  To enable organizations that adopt it to obtain certification

Question 14

A security​ monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________

Accepted Answer

A) True 
 B)False

Question 15

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

Accepted Answer

A)  COBIT 
B)  COSO 
C)  NIST 
D)  ISO 
A)  COBIT 
B)  COSO 
C)  NIST 
D)  ISO

Question 16

A TCSEC-defined covert channel,which transmit information by managing the relative timing of events.

Accepted Answer

A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB 
A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB

Question 17

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

Accepted Answer

A)  Clark-Wilson 
B)  Bell-LaPadula 
C)  Common Criteria 
D)  Biba 
A)  Clark-Wilson 
B)  Bell-LaPadula 
C)  Common Criteria 
D)  Biba

Question 18

A framework or security model customized to anorganization,including implementation details.

Accepted Answer

A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB 
A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB

Question 19

The information security principle that requires significant tasks to besplit up so that more than one individual is required to complete them is called isolation of duties.____________

Accepted Answer

A) True 
 B)False

Question 20

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

Accepted Answer

A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB 
A) blueprint 
B) DAC 
C) content-dependent access controls 
D) rule-based access controls 
E) separation of duties
F)sensitivity levels
G)storage channels
H)task-based controls
I)timing channels
J)TCB

Access controls are build on three key principles.List and briefly define them.

When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?

Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information?

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Which type of access controls can be role-based or task-based?

Which of the following specifies the authorization classification of information asset an individual user is permitted to access,subject to the need-to-know principle?

What are the two primary access modes of the Bell-LaPadula model and what do they restrict?

The data access principle that ensures no unnecessary access to data exists byregulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.____________

Under what circumstances should access controls be centralized vs.decentralized?

There are seven access controls methodologies categorized by their inherent characteristics.List and briefly define them.

Which of the following is NOT a category of access control?

According to COSO,internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?

Which of the following is the primary purpose of ISO/IEC 27001:2005?

A security monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

A TCSEC-defined covert channel,which transmit information by managing the relative timing of events.

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

A framework or security model customized to anorganization,including implementation details.

The information security principle that requires significant tasks to besplit up so that more than one individual is required to complete them is called isolation of duties.____________

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 8: Security Management Models

Access controls are build on three key principles.List and briefly define them.

When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?

Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information?

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Which type of access controls can be role-based or task-based?

Which of the following specifies the authorization classification of information asset an individual user is permitted to access,subject to the need-to-know principle?

What are the two primary access modes of the Bell-LaPadula model and what do they restrict?

The data access principle that ensures no unnecessary access to data exists byregulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.____________

Under what circumstances should access controls be centralized vs.decentralized?

There are seven access controls methodologies categorized by their inherent characteristics.List and briefly define them.

Which of the following is NOT a category of access control?

According to COSO,internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?

Which of the following is the primary purpose of ISO/IEC 27001:2005?

A security​ monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

A TCSEC-defined covert channel,which transmit information by managing the relative timing of events.

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

A framework or security model customized to anorganization,including implementation details.

The information security principle that requires significant tasks to besplit up so that more than one individual is required to complete them is called isolation of duties.____________

Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

A security monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________