Exam 8: Security Management Models
Exam 1: Introduction to the Management of Information Security63 Questions
Exam 2: Compliance: Law and Ethics50 Questions
Exam 3: Governance and Strategic Planning for Security52 Questions
Exam 4: Information Security Policy56 Questions
Exam 5: Developing the Security Program65 Questions
Exam 6: Risk Management: Identifying and Assessing Risk60 Questions
Exam 7: Risk Management: Controlling Risk60 Questions
Exam 8: Security Management Models60 Questions
Exam 9: Security Management Practices59 Questions
Exam 10: Planning for Contingencies60 Questions
Exam 11: Personnel and Security60 Questions
Exam 12: Protection Mechanisms61 Questions
Select questions type
Controls access to a specific set of information based on its content.
(Multiple Choice)
The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures.
(True/False)
The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.
(True/False)
Which of the following is the primary purpose of ISO/IEC 27001:2005?
(Multiple Choice)
Under what circumstances should access controls be centralized vs. decentralized?
(Essay)
One of the TCSEC's covert channels, which communicates by modifying a stored object.
(Multiple Choice)
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.
(Short Answer)
In the COSO framework, ___________ activities include those policies and procedures that support management directives.
(Short Answer)
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
(Multiple Choice)
When copies of classified information are no longer valuable or too many copies exist, what steps should be taken to destroy them properly? Why?
(Essay)
Which of the following is NOT a category of access control?
(Multiple Choice)
A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access.
(True/False)
What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?
(Essay)
There are seven access control methodologies categorized by their inherent characteristics. List and briefly define them.
(Essay)
The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.
(Short Answer)
In which form of access control is access to a specific set of information contingent on its subject matter?
(Multiple Choice)
The COSO framework is built on five interrelated components. Which of the following is NOT one of them?
(Multiple Choice)
Which type of access controls can be role-based or task-based?
(Multiple Choice)
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?
(Multiple Choice)
Showing 21 - 40 of 60