IA 6473 Chapter 8

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute? NIST ISO COSO COBIT

COBIT

Dumpster exploitation is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. __________ True False

False

In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as a user).​ __________ True False

False

In information security, a framework or security model customized to an organization, including implementation details, is known as a template. __________ True False

False

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a blueprint. __________ True False

False

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties. True False

False

The Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure. True False

False

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as required privilege. __________ True False

False

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as minimal access. True False

False

Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data at the organization's competitors. True False

False

​A security ​monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. __________ True False

False

​The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. __________ True False

False

The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization. Compliance Architecture Governance Framework Risk Model Security Blueprint

Governance Framework

The COSO framework is built on five interrelated components. Which of the following is NOT one of them? control activities risk assessment InfoSec governance control environment

InfoSec governance

Under the Common Criteria, which term describes the user-generated specifications for security requirements? Security Target (ST) Target of Evaluation (ToE) Protection Profile (PP) Security Functional Requirements (SFRs)

Protection Profile (PP)

This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec. SP 800-34, Rev. 1: Contingency Planning Guide for Federal Information Systems (2010) SP 800-18, Rev. 1: Guide for Developing Security Plans for Federal Information Systems (2006) SP 800-12, Rev. 1: An Introduction to Information Security (2017) SP 800-55, Rev. 1: Performance Measurement Guide for Information Security (2008) ​ Question 300 / 1 point

SP 800-12, Rev. 1: An Introduction to Information Security (2017)

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"? TCSEC Bell-LaPadula ITSEC Common Criteria

TCSEC

The information security principle that requires significant tasks to be split up so that more than one individual is required to complete them is called isolation of duties. __________ True False

True

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. __________ True False

True

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following? sensitivity level capabilities table access control list access matrix

access control list

An ATM that limits what kinds of transactions a user can perform is an example of which type of access control? content-dependent constrained user interface nondiscretionary temporal isolation

constrained user interface

In which form of access control is access to a specific set of information contingent on its subject matter? content-dependent access controls constrained user interfaces none of these temporal isolation

content-dependent access controls

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following? corrective deterrent preventative compensating

corrective

An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as __________. social engineering rubbish surfing dumpster diving trash trolling

dumpster diving

In information security, a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls is known as a __________. framework blueprint security plan security standard

framework

Which of the following is a generic model for a security program? blueprint methodology security standard framework

framework

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary? need-to-know least privilege eyes only separation of duties

least privilege

The Information Technology Infrastructure Library (ITIL) is a collection of methods and practices primarily for __________. managing the security infrastructure managing the development and operation of IT infrastructures developing secure Web applications operation of IT control systems to improve security

managing the development and operation of IT infrastructures

Which access control principle limits a user's access to the specific information required to perform the currently assigned task? eyes only need-to-know separation of duties least privilege

need-to-know

Which of the following is NOT a change control principle of the Clark-Wilson model? no unauthorized changes by authorized subjects no changes by unauthorized subjects no changes by authorized subjects without external validation the maintenance of internal and external consistency

no changes by authorized subjects without external validation

Which type of access controls can be role-based or task-based? discretionary constrained nondiscretionary content-dependent

nondiscretionary

Which piece of the Trusted Computing Base's security system manages access controls? reference monitor covert channel trusted computing base verification module

reference monitor

Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle? task-based access controls security clearances sensitivity levels discretionary access controls

security clearances

What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them? need-to-know eyes only separation of duties least privilege

separation of duties


Ensembles d'études connexes

METRO MANILA LIT ( PART II: FAMOUS LANDMARKS ON NCR)

View Set

Algebra II Chapter 4 and 5 Study Guide and Review Vocabulary

View Set

PSI - LIFE, ACCIDENT, AND HEALTH - FULL

View Set

The pledge of allegiance (Spanish II)

View Set

AP Euro - Chapter 12 pages 401-413

View Set

This passage is excerpted from Charlotte Bronte, Villette. Originally published in 1853. In this chapter, the narrator and her host, Mrs. Bretton, are trying to occupy a young girl, Paulina, who is staying with them.

View Set