1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)

Preventive, detective, and responsive

Prohibitive, permissive, and mandatory

Administrative, technical, and physical

Management, technical, and operational

Roles, responsibilities, and exemptions

Question 2. 2. (TCO 2) The 10 IISSCC _____ cover 17 NIST control _____ which are arranged in three _____ called management, operational, and technical. (Points : 5)

controls, domains, principles

domains, families, classes

principles, domains, families

domains, families, technologies

technologies, domains, families

 

Question 3. 3. (TCO 2) What are the pillars of security? (Points : 5)

Confidentiality, integrity, and availability

Detection, prevention, and recovery

People, process, and technology

Administration, technology, and operation

 

Question 4. 4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points : 5)

assets, accountability, software

assets, separation of duties, complexity

software, separation of duties, complexity

software, accountability, people

people, separation of duties, technology

 

Question 5. 5. (TCO 4) Privacy legislation is written to protect _____. (Points : 5)

companies

managers

citizens

employees

All of the above

 

Question 6. 6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points : 5)

criteria, models, solutions

controls, abstractions, solutions

solutions, abstractions, models

models, abstractions, solutions

models, controls, solutions

 

Question 7. 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

closed-circuit television

a good security plan

an educated workforce

certified security staff

resources

 

Question 8. 8. (TCO 7) The controls that are used by a security operations center including vulnerability management, threat monitoring, and situation reporting from a variety of sensors are used to assess _____. (Points : 5)

status

readiness

known good state

compliance monitoring

intrusion detection

 

Question 9. 9. (TCO 8) A business impact analysis prioritizes systems for recovery. What are the highest priority systems called? (Points : 5)

Mission-critical systems

Security Operations Center systems

Mission-essential systems

Backup and recovery systems

Administrative systems

 

Question 10. 10. (TCO 9) Mandatory access control uses labels and rules to mediate access to _____ by _____. (Points : 5)

objects, subjects

files, people

computer cycles, applications

information assets, people

information assets, network devices

 

Question 11. 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points : 5)

messages, identities

data, identities

data, signatures

data, messages

messages, signatures

 

Question 12. 12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points : 5)

Use symmetric keys

Issue smart cards

Implement SSL

Use IPSec

Set up VPN connections

 

Question 13. 13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)

Layer 1

Layer 2

Layer 3

Layer 4/7

applications

 

Question 14. 14. (TCO 12) A good intrusion detection system will have all of the characteristics of the _____ model and will be flexible enough to adapt to _____. (Points : 5)

Bell LaPadula, mandatory access control

reference monitor, vulnerabilities

Biba, vulnerabilities

OSI, loss of availability

reference monitor, loss of availability

 

Question 15. 15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, except for which one? (Points : 5)

Improved performance

Increased availability

Greater versatility

Efficient business models

1. (TCO 1) What is wrong with this policy compliance clause? Show how you could fix it. People who violate this policy are subject to sanctions. (Points : 15)

Question 2. 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls–prevention, detection, and recovery. (Points : 15)

 

Question 3. 3. (TCO 3) Briefly explain the “principle” that states that security = risk management. (Points : 15)

 

Question 4. 4. (TCO 4) Briefly explain how law relates to a decision to “counterattack” a hacker that has attacked your system, and then briefly explain how ethics may relate to a decision to “counterattack” a hacker that has attacked your system. (Points : 15)

 

Question 5. 5. (TCO 5) Explain the effects of the three goals of information security. (Points : 15)

 

Question 6. 6. (TCO 6) Briefly explain the idea of a mantrap. (Points : 15)

 

Question 7. 7. (TCO 7) Explain what media disposition means. (Points : 15)

 

Question 8. 8. (TCO 8) Explain the term warm site. (Points : 15)

1. (TCO 9) Explain the advantage of role-based access controls. (Points : 15)

Question 2. 2. (TCO 10) Name the two uses of a private key in asymmetric cryptography. (Points : 15)

 

Question 3. 3. (TCO 11) Firewalls can implement four kinds of controls: behavior, user, direction, and service controls. Briefly explain what service controls are. (Points : 15)

 

Question 4. 4. (TCO 11) With regard to application-level gateway firewalls, determine the added costs in terms of the activities and resources required to effectively use them. (Points : 15)

 

Question 5. 5. (TCO 12) For intrusion detection, briefly explain what Type 1 and Type 2 errors are. (Points : 15)

 

Question 6. 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)

 

Question 7. 7. (TCO 13) Explain what a virus is, pointing out how it is different from a worm. (Points : 15)
