Devry SEC360 final exam

Page 1

Question 1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)

Preventive, detective, and responsive

Prohibitive, permissive, and mandatory

Administrative, technical, and physical

Management, technical, and operational

Roles, responsibilities, and exemptions

Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 (ISC)² _____ comprising the common body of knowledge for information security. (Points : 5)

technologies, domains, families

controls, families, domains

domains, families, technologies

principles, domains, families

controls, domains, principles

Question 3. (TCO 2) What are the effects of security controls? (Points : 5)

Confidentiality, integrity, and availability

Administrative, physical, and operational

Detection, prevention, and response

Management, operational, and technical

Question 4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points : 5)

assets, accountability, software

assets, separation of duties, complexity

software, separation of duties, complexity

software, accountability, people

people, separation of duties, technology

Question 5. (TCO 4) “There shall be a way for an individual to correct information in his or her records” is a clause that might be found in a _____. (Points : 5)

law

code of ethics

corporate policy

fair information practices statement

Any of the above

Question 6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points : 5)

criteria, models, solutions

controls, abstractions, solutions

solutions, abstractions, models

models, abstractions, solutions

models, controls, solutions

Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

closed-circuit television

a good security plan

an educated workforce

certified security staff

resources

Question 8. (TCO 7) The mission of the security operations center might best be described as _____. (Points : 5)

continuous monitoring

maintaining the known good state

policy enforcement

reporting to management

configuration management

Question 9. (TCO 8) Alternate sites used in disaster recovery would normally not include which of the following? (Points : 5)

Hot site

Cold site

Warm site

Shared site

Alternate site

Question 10. (TCO 9) The basic element of any access control model is a reference monitor that mediates access to _____ by _____. (Points : 5)

files, people

objects, subjects

files, principals

named resources, named users

computer time, applications

Question 11. (TCO 10) In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography. (Points : 5)

signatures, messages

messages, data

hash totals, messages

messages, hash totals

data, messages

Question 12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points : 5)

Use symmetric keys

Issue smart cards

Implement SSL

Use IPSec

Set up VPN connections

Question 13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)

Layer 1

Layer 2

Layer 3

Layer 4/7

applications

Question 14. (TCO 12) The two standard approaches to intrusion detection are _____ and _____. (Points : 5)

access control, firewall

anomaly, rule

policy, label

role, account

user, program

Question 15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, except for which one? (Points : 5)

Improved performance

Increased availability

Greater versatility

Efficient business models

Page 2

Question 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it: "People shall obey corporate policies." (Points : 15)

Question 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls: prevention, detection, and recovery. (Points : 15)

Question 3. (TCO 3) Briefly explain how defense in depth is a management strategy for security. (Points : 15)

Question 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points : 15)

Question 5. (TCO 5) Explain the effects of the three goals of information security. (Points : 15)

Question 6. (TCO 6) Briefly describe the idea of a smart card. (Points : 15)

Question 7. (TCO 7) Explain the purpose of a security operations center. (Points : 15)

Question 8. (TCO 8) Explain the term warm site. (Points : 15)

Page 3

Question 1. (TCO 9) Distinguish between an access control list and a capabilities list. (Points : 15)

Question 2. (TCO 10) Briefly explain why key management is a critical requirement for a good symmetric cryptographic solution. (Points : 15)

Question 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points : 15)

Question 4. (TCO 11) What is often another term for a bastion host? (Points : 15)

Question 5. (TCO 12) Explain what the symbol P(A|B) means. (Points : 15)

Question 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)

Question 7. (TCO 13) Briefly explain what object orientation is and what it is used for. (Points : 15)