Chapter 08 example #55976

19 May 2024
25 test answers
question
The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. ____________
answer
True
question
Which of the following is NOT a category of access control?
answer
Mitigating
question
The COSO framework is built on five interrelated components. Which of the following is NOT one of them?
answer
InfoSec Governance
question
Which type of access controls can be role-based or task-based?
answer
Nondiscretionary
question
The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.
answer
Need to know
question
Which control category discourages an incipient incident?
answer
Deterrent
question
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?
answer
Least Privilege
question
The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege. ____________
answer
False
question
To design a security program, an organization can use a(n) ____________________, which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.
answer
Security Model
question
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?
answer
TCSEC
question
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?
answer
COBIT
question
Which piece of the Trusted Computing Base's security system manages access controls?
answer
Reference Monitor
question
A time-release safe is an example of which type of access control?
answer
Temporal Isolation
question
Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?
answer
Access Control List
question
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?
answer
Need-to-know
question
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?
answer
Corrective
question
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.
answer
Covert
question
Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?
answer
Both A and B are correct (Security Model and Framework)
question
Dumpster delving is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. ____________
answer
False
question
A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. ____________
answer
False
question
Which of the following is NOT a change control principle of the Clark-Wilson model?
answer
No changes by authorized subjects without external validation
question
A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. ____________
answer
True
question
Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?
answer
Security Clearances
question
The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. ____________
answer
False
question
Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?
answer
For official use only