Chapter 2 Information Security Principles of Success
Which of the following represents the three goals of information security? A. Confidentiality, integrity, and availability B. Prevention, detection, and response C. People controls, process controls, and technology controls D. Network security, PC security and mainframe security
A. Confidentiality, Integrity and availability
Which of the following statements is true? A. Controls are implemented to eliminate risk and eliminate the potential loss. B. Controls are implemented to mitigate risk and reduce the potential for loss. C. Controls are implemented to eliminate risk and reduce the potential for loss. D. Controls are implemented to mitigate risk and eliminate the potential for loss.
A. Controls are implemented to eliminate risk and eliminate the potential loss.
Which of the following statements is true? A. Security assurance requirements describe how to test the system. B. Security assurance requirements describe how to program the system. C. Security assurance requirements describe to what degree the testing of the system is conducted. D. Security assurance requirements implementation considerations.
A. Security assurance requirements describe how to test the system.
The CIA triad is often represented by which of the following? A. Triangle B. Diagonal C. Ellipse D. Circle
A. Triangle
Which of the following terms best describes the absence of weakness in a system that may possibly be exploited? A. Vulnerability B. Threat C. Risk D. Exposure
A. Vulnerability
Security functional requirements describe which of the following? A. What a security system should do by design B. What controls a security system must implement C. Quality assurance description and testing approach D. How to implement the system
A. What a security system should do by design
Related to information security, confidentiality is the opposite of which of the following? A. Closure B. Disclosure C. Disaster D. Disposal
B. Disclosure
Which of the following terms best describes a cookbook on how to take advantage of a vulnerability? A. Risk B. Exploit C. Threat D. Program
B. Exploit
Which of the following represents the three types of security controls? A. People, functions, and technology B. People, process, and technology C. Technology, roles, and separation of duties D. Separation of duties, processes, and people
B. People, process and technology
Which of the following best represents the two types of IT security requirements? A. Functional and logical B. Logical and physical C. Functional and assurance D. Functional and physical
C. Functional and assurance
Which of the following terms best describes the assurance that data has not been changed unintentionally due to an accident or malice? A. Availability B. Confidentiality C. Integrity D. Audibility
C. Integrity
Defense in depth is needed to ensure that which three mandatory activities are present in a security system? A. Prevention, response, and prosecution B. Response, collection of evidence, and prosecution C. Prevention, detection and response D. Prevention, response, and management
C. Prevention, detection and response
Which of the following terms best describes the probability that a threat to an information system will materialize? A. Threat B. Vulnerability C. Hole D. Risk
C. Risk
Which of the following statements is true? A. The weakest link in any security system is the technology element. B. The weakest link in any security system is the process element C. The weakest link in any security system is the human element D. Both B and C
C. The weakest link in any security system is the human element
Which of the following statements is true? A. Process controls for IT security include assignment of roles for least privilege. B. Process controls for IT security include separation of duties. C. Process controls for IT security include documented procedures. D. All of the above
D. All of the above