Exam 8: Security Management Models
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?
A
Access is granted based on a set of rules specified by the central authority.
D
What is the data classification for information deemed to be National Security Information for the U.S. military as specified in 2009 in Executive Order 13526?
For most information, the U.S. military uses a three-level classification scheme for information deemed to be National Security Information (NSI), as defined in Executive Order 12958 in 1995 and Executive Order 13526 in 2009. Here are the classifications along with descriptions from the document: Sec. 1.2. Classification Levels.
(a) Information may be classified at one of the following three levels:
1) "Top Secret" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause exceptionally grave damage to the national security that the original classification authority is able to identify or describe.
2) "Secret" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause serious damage to the national security that the original classification authority is able to identify or describe.
3) "Confidential" shall be applied to information, the unauthorized disclosure of which reasonably could be expected to cause damage to the national security that the original classification authority is able to identify or describe.
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?
Access controls are built on three key principles. List and briefly define them.
Dumpster delving is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information.
Lattice-based access controls use a two-dimensional matrix to assign authorizations. What are the two dimensions and what are they called?
Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data in the outside world.
A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.
A security blueprint is the outline of the more thorough security framework.
Which piece of the Trusted Computing Base's security system manages access controls?
The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know.
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?
A framework or security model customized to an organization, including implementation details.
Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.
A TCSEC-defined covert channel, which transmits information by managing the relative timing of events.
A time-release safe is an example of which type of access control?
Which of the following specifies the authorization classification of information assets an individual user is permitted to access, subject to the need-to-know principle?
According to COSO, internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?
In information security, a framework or security model customized to an organization, including implementation details, is known as a floorplan.