Chapter 08 example #55976

The principle of limiting users' access privileges to the specific information required to perform their assigned tasks is known as need-to-know. ____________

Which of the following is NOT a category of access control?

The COSO framework is built on five interrelated components. Which of the following is NOT one of them?

Which type of access controls can be role-based or task-based?

The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.

Which control category discourages an incipient incident?

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege. ____________

To design a security program, an organization can use a(n) ____________________, which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.

Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec, and was created by ISACA and the IT Governance Institute?

Which piece of the Trusted Computing Base's security system manages access controls?

A time-release safe is an example of which type of access control?

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?

Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system, and include storage and timing channels.

Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable, robust, and detailed?

Dumpster delving is an information attack that involves searching through a target organization's trash and recycling bins for sensitive information. ____________

A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—in other words, it mediates all access to objects by subjects. ____________

Which of the following is NOT a change control principle of the Clark-Wilson model?

A person's security clearance is a personnel security structure in which each user of an information asset is assigned an authorization level that identifies the level of classified information he or she is cleared to access. ____________

Which of the following specifies the authorization classification of information asset an individual user is permitted to access, subject to the need-to-know principle?

The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the development and operation of IT infrastructures. ____________

Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National Security Information?