Question 1

The policies of the Bell-LaPadula model are

Accepted Answer

A) Ring (no read down)and Low-Water-Mark (no write up) 
B) *-Property (no write up)and Simple Security Rule (no read down) 
C) Ring (no read up)and Low-Water-Mark (no write down) 
D) *-Property (no write down)and Simple Security Rule (no read up) 
A) Ring (no read down)and Low-Water-Mark (no write up) 
B) *-Property (no write up)and Simple Security Rule (no read down) 
C) Ring (no read up)and Low-Water-Mark (no write down) 
D) *-Property (no write down)and Simple Security Rule (no read up)

Question 2

Jane is in the finance department.Although she should not be able to modify files or folders from the marketing department,she can,and does.This a problem of ___________.

Accepted Answer

A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation 
A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation

Question 3

Which of the following is a security model that addresses integrity?

Accepted Answer

A) Biba 
B) Bell-LaPadula 
C) Layered defense 
D) Ring 
A) Biba 
B) Bell-LaPadula 
C) Layered defense 
D) Ring

Question 4

The database administrator falls ill and is not able to come to work for three weeks.No one else in the company knows how to administer the database server.This is a result of not following which principle?

Accepted Answer

A) Layered defense 
B) Job rotation 
C) Diversity of defense 
D) Security through obscurity 
A) Layered defense 
B) Job rotation 
C) Diversity of defense 
D) Security through obscurity

Question 5

_______________ security places the emphasis on controlling access to internal computers from external entities.

Accepted Answer

The answer of _______________ security places the emphasis on controlling...

Question 6

The policies of the Biba model are

Accepted Answer

A) Ring (no read down)and Low-Water-Mark (no write up) 
B) *-Property (no write down)and Simple Security Rule (no read up) 
C) *-Property (no write up)and Simple Security Rule (no read down) 
D) Ring (no read up)and Low-Water-Mark (no write down) 
A) Ring (no read down)and Low-Water-Mark (no write up) 
B) *-Property (no write down)and Simple Security Rule (no read up) 
C) *-Property (no write up)and Simple Security Rule (no read down) 
D) Ring (no read up)and Low-Water-Mark (no write down)

Question 7

Nonrepudiation means that the person who sends an e-mail will be unable to deny sending the e-mail.

Accepted Answer

A) True 
 B)False

Question 8

Rumors spread around the office that Mrs.Smith was stealing office supplies as well as talking badly about the senior management.This rumor eventually reached her boss,who then fired her.This is likely a violation of which policy?

Accepted Answer

A) Due diligence 
B) Due process 
C) Equal opportunity 
D) Acceptable use 
A) Due diligence 
B) Due process 
C) Equal opportunity 
D) Acceptable use

Question 9

_______________ ensures that the data,or the system itself,is available for use when the authorized user wants it.

Accepted Answer

The answer of _______________ ensures that the data,or the system...

Question 10

John,who is in the development group,has admin passwords to both the development group files and the production group files.This might be a violation of which policy?

Accepted Answer

A) Due diligence 
B) Due process 
C) Need to know 
D) Acceptable use 
A) Due diligence 
B) Due process 
C) Need to know 
D) Acceptable use

Question 11

To ensure that only those individuals who have authority to view a piece of information may do so is called _______________.

Accepted Answer

The answer of To ensure that only those individuals who...

Question 12

The term which refers to the attempt to gain unauthorized access to systems and computers used by a telephone company to operate its telephone network is a _______.

Accepted Answer

A) phone hacker 
B) hacktivist 
C) commh@ck3r 
D) phreaker 
A) phone hacker 
B) hacktivist 
C) commh@ck3r 
D) phreaker

Question 13

Reducing the number of services to the least number necessary for it to properly perform its functions is an example of which principle?

Accepted Answer

A) Least privilege 
B) Separation of duties 
C) Implicit deny 
D) Keep it simple Services are functions,not privileges.Having fewer services on a computer reduces the complexity of the configuration. 
A) Least privilege 
B) Separation of duties 
C) Implicit deny 
D) Keep it simple Services are functions,not privileges.Having fewer services on a computer reduces the complexity of the configuration.

Question 14

The formula for the operational model of computer security is Prevention = Protection + (Detection + Response)

Accepted Answer

A) True 
 B)False

Question 15

Joe sends a scathing e-mail to his boss regarding increased work hours.Joe tries to deny sending the e-mail,but is unable to due to the use of digital signatures.This is an example of ________.

Accepted Answer

A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation 
A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation

Question 16

Bob inadvertently disconnects the cable from the company file server.This creates a problem of ________.

Accepted Answer

A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation 
A) confidentiality 
B) integrity 
C) availability 
D) authentication 
E) nonrepudiation

Question 17

Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security.

Accepted Answer

A) True 
 B)False

Question 18

Gathering seemingly unimportant information and then combining it to discover potentially sensitive information is known as _______________.

Accepted Answer

The answer of Gathering seemingly unimportant information and then combining...

Question 19

Which of the following is a security model that uses transactions as the basis for its rules?

Accepted Answer

A) Biba 
B) Bell-LaPadula 
C) Layered defense 
D) Clark-Wilson 
A) Biba 
B) Bell-LaPadula 
C) Layered defense 
D) Clark-Wilson

Question 20

Audit logs,intrusion detection systems,and honeypots are technologies used for detection.

Accepted Answer

A) True 
 B)False

Exam 2: General Security Concepts

The policies of the Bell-LaPadula model are

Jane is in the finance department.Although she should not be able to modify files or folders from the marketing department,she can,and does.This a problem of ___________.

Which of the following is a security model that addresses integrity?

The database administrator falls ill and is not able to come to work for three weeks.No one else in the company knows how to administer the database server.This is a result of not following which principle?

_______________ security places the emphasis on controlling access to internal computers from external entities.

The policies of the Biba model are

Nonrepudiation means that the person who sends an e-mail will be unable to deny sending the e-mail.

Rumors spread around the office that Mrs.Smith was stealing office supplies as well as talking badly about the senior management.This rumor eventually reached her boss,who then fired her.This is likely a violation of which policy?

_______________ ensures that the data,or the system itself,is available for use when the authorized user wants it.

John,who is in the development group,has admin passwords to both the development group files and the production group files.This might be a violation of which policy?

To ensure that only those individuals who have authority to view a piece of information may do so is called _______________.

The term which refers to the attempt to gain unauthorized access to systems and computers used by a telephone company to operate its telephone network is a _______.

Reducing the number of services to the least number necessary for it to properly perform its functions is an example of which principle?

The formula for the operational model of computer security is Prevention = Protection + (Detection + Response)

Joe sends a scathing e-mail to his boss regarding increased work hours.Joe tries to deny sending the e-mail,but is unable to due to the use of digital signatures.This is an example of ________.

Bob inadvertently disconnects the cable from the company file server.This creates a problem of ________.

Making the effort to compromise a system more costly than the value of accomplishing it is the goal of security.

Gathering seemingly unimportant information and then combining it to discover potentially sensitive information is known as _______________.

Which of the following is a security model that uses transactions as the basis for its rules?

Audit logs,intrusion detection systems,and honeypots are technologies used for detection.

Introduction and Security Trends

Operational-Organizational Security

The Role of People in Security

Cryptography

Public Key Infrastructure

Standards and Protocols

Physical Security

Network Fundamentals

Infrastructure Security

Authentication and Remote Access

Wireless

Intrusion Detection Systems and Network Security

Baselines

Types of Attacks and Malicious Software

E-Mail and Instant Messaging

Web Components

Secure Software Development

Disaster Recovery, Business Continuity, and Organizational Policies

Risk Management

Change Management

Privilege Management

Computer Forensics

Legal Issues and Ethics

Privacy

Filters