Information Assurance and Security
(PreMP1, MP2, PreLab)
(MidMP1, MP2, MidLab)
(FinMP1, MP2, FinLab)
Question text
Security architecture has its own discrete security methodology.
Question text
True or False: Written and published security policy
Question text
Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes
Identify extended enterprise (units)
Question text
True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes
Question text
True or False: Codified data/information asset ownership and custody
Question text
Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?
Question text
Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?
Question text
Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?
Question text
Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?
Question text
Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?
Question text
The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.
Question text
Those who are most affected and achieve most value from the security work
Question text
Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.
Question text
The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.
Question text
Those who will see change to their capability and work with core units but are otherwise not directly affected
Question text
Acronym for TCB?
Question text
True or False: Storing the minimum required data online and exercising maximum discretion in providing it to a third party (users, companies) are some basic steps in storing personal data.
Question text
The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;
Question text
What are the steps in the intrusion model?
Question text
True or False: Using encrypted versions of protocols when sensitive information is exchanged, so as to ensure data confidentiality and prevent identity theft, is among the basic steps in storing personal data.
Question text
Risk Management Procedure consists of six steps.
Question text
Seven Stages of lifecycle model
Question text
Are the security features of a system that provide enforcement of a security policy.
Question text
Acceptance, avoidance, mitigation, transfer—are with respect to a specific risk for a specific party.
Question text
Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system.
Question text
These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.
Question text
The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;
Question text
Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;
Question text
What are the steps in the intrusion model?
Question text
Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;
Question text
Is roughly equivalent to privacy
Question text
Assurance that the information is authentic and complete.
Question text
Assurance that information is shared only among authorized persons or organizations.
Question text
Is the process of maintaining an acceptable level of perceived risk
Question text
In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.
Question 1
Question text
Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.
Question 2
Question text
Protection against unauthorized modification or destruction of information
Question 3
Question text
Security measures to establish the validity of a transmission, message, or originator.
Question 4
Question text
Assurance that information is not disclosed to unauthorized persons
Question 5
Question text
It should be: accurate, timely, complete, verifiable, consistent, available.
Question 1
Question text
Four Security Domains
Question 2
Question text
Three distinct levels:
Question 3
Question text
Processed data
Question 4
Question text
Physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.
Question 5
Question text
Is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.