CISSP-ISSMP : Information Systems Security Management Professional : Part 04
-
Which of the following refers to the ability to ensure that the data is not modified or tampered with?
- Availability
- Non-repudiation
- Integrity
- Confidentiality
-
Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?
- Cold sites
- Orange sites
- Warm sites
- Duplicate processing facilities
-
Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information? Each correct answer represents a complete solution. Choose three.
- Employee registration and accounting
- Disaster preparedness and recovery plans
- Network authentication
- Training and awareness
- Encryption
-
You are the Network Administrator for a software company. Due to the nature of your company’s business, you have a significant number of highly computer savvy users. However, you have still decided to limit each user access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?
- The principle of maximum control.
- The principle of least privileges.
- Proper use of an ACL.
- Poor resource management.
-
Which of the following measurements of an enterprise’s security state is the process whereby an organization establishes the parameters within which programs, investments, and acquisitions reach the desired results?
- Information sharing
- Ethics
- Performance measurement
- Risk management
-
Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory Access Control (MAC) policy?
- Division A
- Division D
- Division B
- Division C
-
Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?
- Senior Management
- Business Unit Manager
- Information Security Steering Committee
- Chief Information Security Officer
-
Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?
- NSA-IAM
- DITSCAP
- ASSET
- NIACAP
-
SIMULATION
Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.
Models
-
Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private.
- Shielding
- Spoofing
- Eavesdropping
- Packaging
-
Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.
- Confidentiality
- Integrity
- Availability
- Privacy
-
Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?
- Business continuity plan
- Crisis communication plan
- Contingency plan
- Disaster recovery plan
-
Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.
- Clark-Biba model
- Clark-Wilson model
- Bell-LaPadula model
- Biba model
-
In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?
- Role-Based Access Control
- Discretionary Access Control
- Task-based Access Control
- Mandatory Access Control
-
You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?
- Configuration identification
- Physical configuration audit
- Configuration control
- Functional configuration audit
-
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?
- Take-Grant Protection Model
- Bell-LaPadula Model
- Biba Integrity Model
- Access Matrix
-
Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?
- Packet filtering
- Tunneling
- Packet sniffing
- Spoofing
-
In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?
- Mobile Site
- Cold Site
- Warm Site
- Hot Site
-
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
- If you don’t know the threat, how do you know what to protect?
- If you don’t know what to protect, how do you know you are protecting it?
- If you are not protecting it (the critical and sensitive information), the adversary wins!
- If you don’t know about your security resources you cannot protect your network.
-
Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?
- No
- Yes
Subscribe
0 Comments
Newest