Ch 8. Practice Test II


The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization.

Governance Framework

In which form of access control is access to a specific set of information contingent on its subject matter?

content-dependent access controls

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?

Biba
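The Biba premise stated above (higher integrity is more trustworthy) is enforced by two mandatory rules: a subject may not read an object of lower integrity ("no read down"), and may not write to an object of higher integrity ("no write up"). The following is an added example, not part of the quiz; the integrity level names, the subjects and the file names are constructed for illustration.

```python
"""Biba integrity model, added as an example (not part of the original quiz).

Biba's premise: higher integrity levels are more trustworthy than lower ones,
so data must never flow from a lower-integrity source into a higher-integrity
object. Two mandatory rules enforce that:
  - simple integrity axiom ("no read down"): a subject may read an object only
    if the object's integrity level is at least the subject's own;
  - *-integrity axiom ("no write up"): a subject may write an object only if
    the object's integrity level is at most the subject's own.
Level names, subjects and objects below are constructed for this example.
"""
from enum import IntEnum


class Integrity(IntEnum):
    UNTRUSTED = 0   # e.g. anything fetched from the Internet
    USER = 1
    SYSTEM = 2
    KERNEL = 3


def can_read(subject: Integrity, obj: Integrity) -> bool:
    """Simple integrity axiom: reading is allowed only from equal or higher integrity."""
    return obj >= subject


def can_write(subject: Integrity, obj: Integrity) -> bool:
    """*-integrity axiom: writing is allowed only to equal or lower integrity."""
    return obj <= subject


def decide(subject: Integrity, obj: Integrity, op: str) -> bool:
    """Reference-monitor decision for one access request."""
    if op == "read":
        return can_read(subject, obj)
    if op == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation: {op!r}")


# Constructed scenario: a SYSTEM-level package updater and a USER-level browser.
SAMPLE_REQUESTS = [
    ("updater", Integrity.SYSTEM, "download.bin", Integrity.UNTRUSTED, "read"),
    ("updater", Integrity.SYSTEM, "signed_pkg.bin", Integrity.SYSTEM, "read"),
    ("updater", Integrity.SYSTEM, "/etc/app.conf", Integrity.SYSTEM, "write"),
    ("updater", Integrity.SYSTEM, "kernel.img", Integrity.KERNEL, "write"),
    ("browser", Integrity.USER, "/tmp/scratch", Integrity.UNTRUSTED, "write"),
    ("browser", Integrity.USER, "kernel.img", Integrity.KERNEL, "read"),
]


def evaluate(requests):
    """Return (subject, object, op, allowed) for each request."""
    return [(s, o, op, decide(sl, ol, op)) for s, sl, o, ol, op in requests]


def denied(requests):
    """Just the requests the model rejects, with the rule that rejected them."""
    out = []
    for s, sl, o, ol, op in requests:
        if not decide(sl, ol, op):
            rule = "no read down" if op == "read" else "no write up"
            out.append((s, o, op, rule))
    return out


if __name__ == "__main__":
    for s, o, op, ok in evaluate(SAMPLE_REQUESTS):
        print(f"{s:8} {op:5} {o:16} {'ALLOW' if ok else 'DENY'}")
```

Note how the first denial is the interesting one: the SYSTEM-level updater is blocked from even reading the untrusted download, because if it could, it could later write that data into a SYSTEM-level object and launder it upward. Biba is the integrity dual of Bell-LaPadula, whose confidentiality rules are the mirror image (no read up, no write down). Real systems often implement only part of the model; Windows Mandatory Integrity Control, for instance, enforces the no-write-up half by default.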

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?

COBIT

ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n) _______

Information Security Management System

Which of the following is the original purpose of ISO/IEC 17799 (renumbered as ISO/IEC 27002 in 2007)?

To offer guidance for the management of InfoSec to individuals responsible for their organization's security programs

Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy is known as the __________.

Trusted Computing Base

This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST Risk Management Framework (RMF) and its use, among other topics needed for a foundation in InfoSec.

SP 800-12, Rev. 1: An Introduction to Information Security (2017)

Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?

for official use only (the three classification levels are Confidential, Secret, and Top Secret; FOUO is a dissemination control marking, not a classification level)

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as _________

dumpster diving

Which of the following is a generic model for a security program?

framework

Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs.

governance

Which of the following is NOT a category of access control?

mitigating

Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle?

security clearances

What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them?

separation of duties
