Information Assurance and Security 1 (Lab)

Information Assurance and Security
(PreMP1, MP2, PreLab)
(MidMP1, MP2, MidLab)
(FinMP1, MP2, FinLab)


Question text

Security architecture has its own discrete security methodology.

Select one:

Question text

True or False: Written and published security policy

Select one:

Question text

Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes


Identify extended enterprise (units)

Question text

True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes

Select one:

Question text

True or False: Codified data/information asset ownership and custody

Select one:

Question text

Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?

Select one:

Question text

Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?

Select one:

Question text

Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?

Select one:

Question text

Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?


Select one:

Question text

Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?

Select one:

Question text

The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.

Select one:

Question text

Those who are most affected and achieve most value from the security work


Question text

Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.

Select one:

Question text

The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.

Select one:

Question text

Those who will see change to their capability and work with core units but are otherwise not directly affected

Question text

Acronym for TCB?

Select one:

Question text

True or false: Storing the minimum required data online and exercising maximum discretion in providing it to third parties (users, companies) are basic steps in storing personal data.

Select one:

Question text

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

Select one:

Question text

What are the steps in the intrusion model?

Select one:

Question text

True or false: Using encrypted versions of protocols when sensitive information is exchanged, so as to ensure data confidentiality and prevent identity theft, is one of the basic steps in storing personal data.

Select one:

 

 

Question text

Risk Management Procedure consists of six steps.

Select one or more:

Question text

Seven Stages of lifecycle model

Select one:

Question text

Are the security features of a system that provide enforcement of a security policy.


Select one:

Question text

Acceptance, avoidance, mitigation, transfer: these are with respect to a specific risk for a specific party.

Select one:

Question text

Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system.

Select one:

Question text

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

Select one:


Question text

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;


Question text

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;


Question text

Is roughly equivalent to privacy

Select one:

Question text

Assurance that the information is authentic and complete.


Select one:

Question text

Assurance that information is shared only among authorized persons or organizations.


Select one:

Question text

Is the process of maintaining an acceptable level of perceived risk   

Question text

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

Select one:
 

Question text

Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.

Question text

Protection against unauthorized modification or destruction of information

Question text

Security measures to establish the validity of a transmission, message, or originator.


Question text

Assurance that information is not disclosed to unauthorized persons

Question text

It should be: accurate, timely, complete, verifiable, consistent, available.


Select one:

Question text

Four Security Domains

Select one or more:

Question text

Three distinct levels:

Select one or more:

Question text

Processed data

Question text

Physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.


Select one:

Question text

Is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.


Select one:
