Ch 8. Practice Test II
The Information Security __________ is a managerial model provided by an industry working group, National Cyber Security Partnership, which provides guidance in the development and implementation of organizational InfoSec structures and recommends the responsibilities that various members should have in an organization.
Governance Framework
In which form of access control is access to a specific set of information contingent on its subject matter?
content-dependent access controls
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?
Biba
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?
COBIT
ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n) _______.
Information Security Management System
Which of the following is the original purpose of ISO/IEC 17799?
To offer guidance for the management of InfoSec to individuals responsible for their organization's security programs
Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy is known as the __________.
Trusted Computing Base
This NIST publication provides information on the elements of InfoSec, key roles and responsibilities, an overview of threats and vulnerabilities, a description of the three NIST security policy categories, and an overview of the NIST RM Framework and its use, among other topics needed for a foundation in InfoSec.
a. SP 800-12, Rev. 1: An Introduction to Information Security (2017)
Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?
b. for official use only
An information attack that involves searching through a target organization's trash and recycling bins for sensitive information is known as _________.
dumpster diving
Which of the following is a generic model for a security program?
framework
Although COBIT was designed to be an IT __________ and management structure, it includes a framework to support InfoSec requirements and assessment needs.
governance
Which of the following is NOT a category of access control?
mitigating
Which of the following specifies the authorization level that each user of an information asset is permitted to access, subject to the need-to-know principle?
security clearances
What is the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them?
separation of duties