ch 6
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?
ACL
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute?
COBIT
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?
CORRECTIVE
A security blueprint is the outline of the more thorough security framework.
FALSE
Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.
FALSE
Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data in the outside world.
FALSE
Under the Common Criteria, which term specifies the user-generated specifications for security requirements? a. Security Target (ST) b. Target of Evaluation (ToE) c. Protection Profile (PP) d. Security Functional Requirements (SFRs)
PP
Which of the following specifies the authorization classification of information assets an individual user is permitted to access, subject to the need-to-know principle? a. Discretionary access controls b. Sensitivity levels c. Security clearances d. Task-based access controls
Security clearances
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"? a. Common Criteria b. TCSEC c. Bell-LaPadula d. ITSEC
TCSEC
The COSO framework is built on five interrelated components. Which of the following is NOT one of them? a. Internal reporting b. Control activities c. Risk assessment d. Control environment
a. Internal reporting
Which of the following is NOT a category of access control? a. preventative b. remitting c. deterrent d. compensating
b. remitting
Which of the following is NOT one of the five levels in the U.S. military data classification scheme? a. top secret b. private c. secret d. confidential
b. private
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?
biba
Which of the following is NOT a change control principle of the Clark-Wilson model? a. The maintenance of internal and external consistency b. No unauthorized changes by authorized subjects c. No changes by authorized subjects without external validation d. No changes by unauthorized subjects
c
In the COSO framework, ___________ activities include those policies and procedures that support management directives.
control
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.
covert
Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.
false
Which access control principle specifies that members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties? a. eyes only b. need-to-know c. separation of duties d. least privilege
least privilege
The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.
need-to-know
Which type of access controls can be role-based or task-based?
nondiscretionary controls
To design a security blueprint, an organization can use a(n) ____________________, which is a generic blueprint offered by a service organization.
security model
Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?
security model
A time-release safe is an example of which type of access control?
temporal isolation
Which of the following is NOT one of the five levels in the U.S. military data classification scheme? a. top secret b. private c. secret d. confidential
top secret
Lattice-based access control specifies the level of access each subject has to each object, if any.
true