
Question 1. (TCO 1) Information security is a process that protects all of the following except _____. (Points: 5)
personal privacy

payroll integrity

service availability

readiness

hardware integrity


Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points: 5)
technologies, domains, families

controls, families, domains

domains, families, technologies

principles, domains, families

controls, domains, principles

Question 3. (TCO 2) What are the classes of security controls? (Points: 5)
Detection, prevention, and response

Management, technical, and operational

Administrative, technical, and physical

Administrative, technical, and procedural

Question 4. (TCO 3) Security policies, regardless of level, should ensure that _____ of assets is distinguished, _____ of people is maintained, and that _____ is managed because that is the enemy of security. (Points: 5)
sensitivity, separation of duties, technology

labels, responsibility, complexity

labels, accountability, technology

organization, accountability, complexity

sensitivity, separation of duties, complexity


Question 5. (TCO 4) Privacy legislation is written to protect _____. (Points: 5)
companies

managers

citizens

employees

All of the above

Question 6. (TCO 5) Ideas can be evaluated using _____, which are _____ that are not meant to be _____. (Points: 5)
models, controls, solutions

controls, abstractions, solutions

models, abstractions, solutions

solutions, controls, abstractions

models, controls, abstractions

Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points: 5)
closed-circuit television

a good security plan

an educated workforce

certified security staff

resources

Question 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job, no more and no less, is called _____. (Points: 5)
separation of duties

need to know

least privilege

minimal access

least common mechanism

Question 9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points: 5)
system files

application data

user access

networks supporting the IT infrastructure

the known good state

Question 10. (TCO 9) Access controls manage the use of _____ by _____ in an information system. (Points: 5)
files, people

information resources, programs

objects, subjects

computer time, people

computer cycles, applications

Question 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points: 5)
messages, identities

data, identities

data, signatures

data, messages

messages, signatures

Question 12. (TCO 10) In a given city, there is a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points: 5)
Internal certificate authority

Private extranet

Public VPN provider

IPSec tunnels

Utilize PGP

Question 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _____. (Points: 5)
packet-filtering router

circuit-level gateway

application-level gateway

stateful inspection firewall

bridge firewall


Question 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points: 5)
type a, type b

false positive, false negative

hardware, software

functional, assurance

performance, availability


Question 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies. (Points: 5)
System requirements

System design

Detailed design

Coding

Project inception

Question 1. Explain what is wrong with this policy clause, and show how you could fix it: "People shall obey corporate policies."

Question 2. The three effects of security controls are prevention, detection, and recovery. Briefly explain how these effects are related to the known good state.

Question 3. Briefly explain the "principle" that states that security = risk management.

Question 4. Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system.

Question 5. Explain why the Bell-LaPadula model and the Biba model are called dual models.

Question 6. Briefly explain why good physical security is critical to good information security.

Question 7. Explain what media disposition means.

Question 8. Explain the term cold site.

Question 9. Explain the advantage of role-based access controls.

Question 10. Name the two uses of a private key in asymmetric cryptography.

Question 11. Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization.

Question 12. What is often another term for a bastion host?

Question 13. Explain why intrusion detection is necessary in terms of the known good state.

Question 14. Summarize the benefits of application-level gateways.

Question 15. Explain what a virus is, pointing out how it is different from a worm.
