Reference no: EM13986233

Assurance is the process of examining a computer product or system with respect to certain criteria.

2. Problems with providing strong computer security involve only the design phase.

3. IT security management has evolved considerably over the last few decades due to the rise in risks to networked systems.

4. To ensure that a suitable level of security is maintained, management must follow up the implementation with an evaluation of the effectiveness of the security controls.

MULTIPLE CHOICES QUESTIONS

5.      __________ assures that individuals control or influence what information related to them may be collected and stored and by whom and to whom that information may be disclosed.

A.  Availability        C.  System Integrity

B.  Privacy              D.  Data Integrity

Answer

6.      Security classes are referred to as __________.

A.     security clearances         B.  security classifications

C.      security levels              D.  security properties

Answer

7.      __________ ensures that critical assets are sufficiently protected in a cost-effective manner.

A.  IT control                    B.  IT security management

C.  IT discipline                 D.  IT risk implementations

Answer

8.      The intent of the ________ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives.

A.   risk register                   B. corporate security policy

c.   vulnerability source        D. threat assessment

Answer

9.      Which of the following supports the Defense-in-depth strategy?

A.  Abstraction            B. Data Hiding

C   Layering               D. Encryption

Answer

10.  The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements.

A.    Access

B.     Asset management

C.     Compliance

D.    Business continuity management

Answer

11.  Which of the following is not a security architecture framework?

A.    Sherwood Applied  Business Security Architecture (SABSA)

B.     NIST Special publication 800-53

C.     ISO 27001 & 27002

D.    Open Web Application Security Project (OWASP)

Answer

12.  Which security management is considered complimentary to ISO/27001 & 20072

A.    SABA

B.     COBIT

C.     NIST Special publication 800-53

D.    OWASP

Answer

13.  The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption.

A.    asset management

B.     business continuity management

C.     information security incident management

D.    physical and environmental security

Answer 

FILL-IN THE BLANK QUESTIONS

14. A loss of _________ is the disruption of access to or use of information or an information system.

Answer

15.  A subject is said to have a security _________ of a given level.

Answer

16.  ISO details a model process for managing information security that comprises the following steps:  plan, do, ________, and act.

Answer

17.  A _________ on an organization's IT systems identifies areas needing treatment.

Answer: Risk Assessment

Answer Table

True/False	Answer
1
2
3
4
Multiple Choices
5
6
7
8
9
10
11
12
13
Short Answer
14
15
16
17

 SHORT ANSWER QUESTIONS

18.  Consider a desktop publishing system used to produce documents for various organizations. Give an example in which system availability is the most impotent requirement. Please be very brief.

Answer:

19.  The necessity of the "no read up" rule for a multilevel security is fairly obvious. What is the importance of the "no write down" rule?

 Answer

20.  List and briefly define the five alternatives for treating identified risks.

Answer: