ch 6


Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?

ACL

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute?

COBIT

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

CORRECTIVE

A security blueprint is the outline of the more thorough security framework.

FALSE

The Information Technology Infrastructure Library (ITIL) provides guidance in the development and implementation of an organizational InfoSec governance structure.

FALSE

Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data in the outside world.

FALSE

Under the Common Criteria, which term specifies the user-generated specifications for security requirements? a. Security Target (ST) b. Target of Evaluation (ToE) c. Protection Profile (PP) d. Security Functional Requirements (SFRs)

PP

Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle? a. Discretionary access controls b. Sensitivity levels c. Security clearances d. Task-based access controls

Security clearances

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"? a. Common Criteria b. TCSEC c. Bell-LaPadula d. ITSEC

TCSEC

The COSO framework is built on five interrelated components. Which of the following is NOT one of them? a. Internal reporting b. Control activities c. Risk assessment d. Control environment

a. Internal reporting

Which of the following is NOT a category of access control? a. preventative b. remitting c. deterrent d. compensating

b. remitting

Which of the following is NOT one of the five levels in the U.S. military data classification scheme? a. top secret b. private c. secret d. confidential

b. private

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?

Biba

Which of the following is NOT a change control principle of the Clark-Wilson model? a. The maintenance of internal and external consistency b. No unauthorized changes by authorized subjects c. No changes by authorized subjects without external validation d. No changes by unauthorized subjects

c

In the COSO framework, ___________ activities include those policies and procedures that support management directives.

control

____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.

covert

Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.

false

Which access control principle specifies that members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties? a. eyes only b. need-to-know c. separation of duties d. least privilege

least privilege

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

need-to-know

Which type of access controls can be role-based or task-based?

nondiscretionary controls

To design a security blueprint, an organization can use a(n) ____________________, which is a generic blueprint offered by a service organization.

security model

Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?

security model

A time-release safe is an example of which type of access control?

temporal isolation

Which of the following is NOT one of the five levels in the U.S. military data classification scheme? a. top secret b. private c. secret d. confidential

top secret

Lattice-based access control specifies the level of access each subject has to each object, if any.

true
