Security Management Practices Prep Test


1. The three elements of the C-I-A triad include

  A. Confidentiality, Integrity, Authentication

  B. Confidentiality, Integrity, Availability

  C. Confidentiality, Integrity, Authorization

  D. Confidentiality, Integrity, Accountability


2. Which of the following government data classification levels describes information that, if compromised, could cause serious damage to national security?

  A. Top Secret

  B. Secret

  C. Confidential

  D. Sensitive but Unclassified


3. The practice of regularly transferring personnel into different positions or departments within an organization is

  A. Separation of duties

  B. Reassignment

  C. Lateral transfers

  D. Job rotations


4. The individual responsible for assigning information classification levels for assigned information assets is

  A. Management

  B. Owner

  C. Custodian

  D. User


5. Most security policies are categorized as

  A. Informative

  B. Regulatory

  C. Mandatory

  D. Advisory


6. A baseline is a type of

  A. Policy

  B. Guideline

  C. Procedure

  D. Standard


7. ALE is calculated by using the following formula:

  A. SLE x ARO x EF = ALE

  B. SLE x ARO = ALE

  C. SLE + ARO = ALE

  D. SLE – ARO = ALE


8. Which of the following is not considered a general remedy for risk management?

  A. Risk reduction

  B. Risk acceptance

  C. Risk assignment

  D. Risk avoidance


9. Failure to implement a safeguard may result in legal liability if

  A. The cost to implement the safeguard is less than the cost of the associated loss.

  B. The cost to implement the safeguard is more than the cost of the associated loss.

  C. An alternate but equally effective and less expensive safeguard is implemented.

  D. An alternate but equally effective and more expensive safeguard is implemented.


10. A cost-benefit analysis is useful in safeguard selection for determining

  A. Safeguard effectiveness

  B. Technical feasibility

  C. Cost-effectiveness

  D. Operational impact


Answers

1. B. Confidentiality, Integrity, Availability. Confidentiality, integrity, and availability are the three elements of the C-I-A triad. Authentication, authorization, and accountability are access control concepts. Review “Information Security Management Concepts and Principles.”

2. B. Secret. Top Secret information leaks could cause grave damage. Confidential information breaches could cause damage. Sensitive but Unclassified information doesn’t have a direct impact on national security. Review “Government data classification.”

3. D. Job rotations. Separation of duties is related to job rotations but is distinctly different. Reassignment and lateral transfers are functionally equivalent to job rotations but aren’t necessarily done for the same reasons and aren’t considered security employment practices. Review “Job rotations.”

4. B. Owner. Although an information owner may be in a management position and is also considered a user, the information owner role has the responsibility for assigning information classification levels. An information custodian is responsible for day-to-day security tasks. Review “Security roles and responsibilities.”

5. D. Advisory. Although not mandatory, advisory policies are highly recommended and may provide penalties for failure to comply. Review “Policies.”

6. D. Standard. A baseline takes into account system-specific parameters to help an organization identify appropriate standards. Review “Standards (and baselines).”

7. B. SLE x ARO = ALE. This is the correct formula for calculating ALE, where SLE is the Single Loss Expectancy, ARO is the Annualized Rate of Occurrence, and ALE is the Annualized Loss Expectancy expressed in dollars. Review “Risk analysis.”

8. D. Risk avoidance. Although risk avoidance is a valid concept, it’s impossible to achieve and therefore not considered a general remedy for risk management. Review “Risk control.”

9. A. The cost to implement the safeguard is less than the cost of the associated loss. This basic legal liability test determines whether the cost of the safeguard is less than the cost of the associated loss if a threat is realized. Review “Legal liability.”

10. C. Cost-effectiveness. A cost-benefit analysis won’t help an organization determine the effectiveness of a safeguard, its technical feasibility, or its operational impact. Review “Cost-effectiveness.”




CISSP For Dummies
ISBN: 0470537914
Year: 2004
Pages: 242