Question 1

Controls access to a specific set of information based on its content.

Accepted Answer

A)  Blueprint 
B)  DAC 
C)  content-dependent access controls 
D)  rule-based access controls 
E)  separation of duties
F) sensitivity levels
G) storage channels
H) task-based controls
I) timing channels
J)TCB

Question 2

​The Information Technology Infrastructure Library (ITIL)is a collection of policies and practices for managing the development and operation of IT infrastructures.

Accepted Answer

A) True 
 B)False

Question 3

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.

Accepted Answer

A) True 
 B)False

Question 4

Which of the following is the primary purpose of ISO/IEC 27001:2005?

Accepted Answer

A)  Use within an organization to formulate security requirements and objectives 
B)  Implementation of business-enabling information security 
C)  Use within an organization to ensure compliance with laws and regulations 
D)  To enable organizations that adopt it to obtain certification

Question 5

Under what circumstances should access controls be centralized vs.decentralized?

Accepted Answer

The answer of Under what circumstances should access controls be...

Question 6

One of the TCSEC's covert channels,which communicate by modifying a stored object.

Accepted Answer

A)  Blueprint 
B)  DAC 
C)  content-dependent access controls 
D)  rule-based access controls 
E)  separation of duties
F) sensitivity levels
G) storage channels
H) task-based controls
I) timing channels
J)TCB

Question 7

____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system,and include storage and timing channels.

Accepted Answer

The answer of ____________________ channels are unauthorized or unintended methods...

Question 8

Which control category discourages an incipient incident?

Accepted Answer

A)  preventative 
B)  deterrent 
C)  remitting 
D)  compensating

Question 9

In the COSO framework,___________ activities include those policies and procedures that support management directives.

Accepted Answer

The answer of In the COSO framework,___________ activities include those...

Question 10

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

Accepted Answer

A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties

Question 11

When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?

Accepted Answer

The answer of When copies of classified information are no...

Question 12

Which of the following is NOT a category of access control?

Accepted Answer

A)  preventative 
B)  mitigating 
C)  deterrent 
D)  compensating

Question 13

​A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access.

Accepted Answer

A) True 
 B)False

Question 14

What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?

Accepted Answer

The answer of What are the five principles that are...

Question 15

There are seven access controls methodologies categorized by their inherent characteristics. List and briefly define them.

Accepted Answer

The answer of There are seven access controls methodologies categorized...

Question 16

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Accepted Answer

The answer of The ____________________ principle is based on the...

Question 17

In which form of access control is access to a specific set of information contingent on its subject matter?

Accepted Answer

A)  content-dependent access controls 
B)  constrained user interfaces 
C)  temporal isolation 
D)  None of these

Question 18

The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

Accepted Answer

A)  Control environment 
B)  Risk assessment 
C)  Control activities 
D)  InfoSec Governance

Question 19

Which type of access controls can be role-based or task-based?

Accepted Answer

A)  constrained 
B)  content-dependent 
C)  nondiscretionary 
D)  discretionary

Question 20

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

Accepted Answer

A)  need-to-know 
B)  eyes only 
C)  least privilege 
D)  separation of duties

Exam 8: Security Management Models

Controls access to a specific set of information based on its content.

​The Information Technology Infrastructure Library (ITIL)is a collection of policies and practices for managing the development and operation of IT infrastructures.

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.

Which of the following is the primary purpose of ISO/IEC 27001:2005?

Under what circumstances should access controls be centralized vs.decentralized?

One of the TCSEC's covert channels,which communicate by modifying a stored object.

____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system,and include storage and timing channels.

Which control category discourages an incipient incident?

In the COSO framework,___________ activities include those policies and procedures that support management directives.

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?

Which of the following is NOT a category of access control?

​A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access.

What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?

There are seven access controls methodologies categorized by their inherent characteristics. List and briefly define them.

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

In which form of access control is access to a specific set of information contingent on its subject matter?

The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

Which type of access controls can be role-based or task-based?

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

The Information Technology Infrastructure Library (ITIL)is a collection of policies and practices for managing the development and operation of IT infrastructures.

A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access.