Information Assurance and Security 1

(Final Q1, Q2, FinXam)




True or False: Identify the security governance involved, including legal frameworks and geographies (enterprises)


True or False: Business rules regarding handling of data/information assets


Those who will see change to their capability and work with core units but are otherwise not directly affected


Identify soft enterprise


True or False: Identify core enterprise (units) - those who are most affected and achieve most value from the security work


The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.


Changes in security standards are usually less disruptive since the trade-off for their adoption is based on the value of the change. However, standards changes can also be mandated. What phase is that?



Those stakeholders who will be affected by security capabilities and who are in groups of communities


Identify communities involved


Assess the impact of new security measures upon other new components or existing leveraged systems. What phase is that?


Security architecture has its own discrete security methodology.


Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings. What phase is that?


True or False: Identify soft enterprise (units) - those who will see change to their capability and work with core units but are otherwise not directly affected


Security architecture composes its own discrete views and viewpoints.



True or False: Codified data/information asset ownership and custody


Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?


The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.



The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.


Assess and baseline current security-specific technologies. What phase is that?


True or False: Risk analysis documentation


True or False: Written and published security policy


The substantiation of the identity of a person or entity related to the enterprise or system in some way.


Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?



Assess and baseline current security-specific technologies. What phase is that?


In a phased implementation the new security components are usually part of the infrastructure in which the new system is implemented. The security infrastructure needs to be in a first or early phase to properly support the project. What phase is that?


Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?


Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?


Security architecture introduces unique, single-purpose components in the design.


True or False: Identify communities involved (enterprises) - those stakeholders who will be affected by security capabilities and who are in groups of communities


Identify existing security services available for re-use


Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes


Identify extended enterprise


True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes


True or False: Data classification policy documentation


The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.


Those who are most affected and achieve most value from the security work


Identify core enterprise


Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?


Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate applicable recognized guidelines and standards and Identify methods to regulate consumption of resources. What phase is that?


The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.


Security architecture addresses non-normative flows through systems and among applications.


Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?


Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.


Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?


The organization's attitude and tolerance for risk.


The following security specifics appropriate to the security architecture must be addressed within each phase in addition to the generic phase activities. What phase is that?



Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM


Every system will rely upon resources that may be depleted in cases that may or may not be anticipated at the point of system design. What phase is that?


The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.


Security architecture introduces its own normative flows through systems and among applications.


From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?


Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?


Every system will rely upon resources that may be depleted in cases that may or may not be anticipated at the point of system design. What phase is that?


Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?


Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate applicable recognized guidelines and standards and Identify methods to regulate consumption of resources. What phase is that?


Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?


Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?


In a phased implementation the new security components are usually part of the infrastructure in which the new system is implemented. The security infrastructure needs to be in a first or early phase to properly support the project. What phase is that?


Assess the impact of new security measures upon other new components or existing leveraged systems. What phase is that?


Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?



Changes in security standards are usually less disruptive since the trade-off for their adoption is based on the value of the change. However, standards changes can also be mandated. What phase is that?



Assess and baseline current security-specific architecture elements. What phase is that?


Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM. What phase is that?


A full inventory of architecture elements that implement security services must be compiled in preparation for a gap analysis. What phase is that?


Assess and baseline current security-specific technologies. What phase is that?


From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?


Assess and baseline current security-specific technologies. What phase is that?


Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings. What phase is that?


Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?


Identify existing security services available for re-use. What phase is that?


The following security specifics appropriate to the security architecture must be addressed within each phase in addition to the generic phase activities. What phase is that?



The organization's attitude and tolerance for risk.


The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.


The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.


The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.


Security architecture introduces unique, single-purpose components in the design.


Security architecture introduces its own normative flows through systems and among applications.


The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.



The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.


Security architecture has its own discrete security methodology.


Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.


The substantiation of the identity of a person or entity related to the enterprise or system in some way.


Security architecture addresses non-normative flows through systems and among applications.


Those who will see change to their capability and work with core units but are otherwise not directly affected


Security architecture composes its own discrete views and viewpoints.



The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.


Those stakeholders who will be affected by security capabilities and who are in groups of communities


Identify communities involved


Those who are most affected and achieve most value from the security work


Identify core enterprise


Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes


Identify extended enterprise