Sec 360 exam solutions (taken march 2016)

Question 1. 1. (TCO 1) Information security is a process that protects all of the following except _____. (Points : 5)

      [removed] personal privacy
      [removed]
payroll integrity
      [removed]
service availability
      [removed]
readiness
      [removed]
hardware integrity

 

Question 2. 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points : 5)

      [removed] technologies, domains, families
      [removed]
controls, families, domains
      [removed]
domains, families, technologies
      [removed]
principles, domains, families
      [removed]
controls, domains, principles

 

Question 3. 3. (TCO 2) What are the classes of security controls? (Points : 5)

      [removed] Detection, prevention, and response
      [removed]
Management, technical, and operational
      [removed]
Administrative, technical, and physical
      [removed]
Administrative, technical, and procedural

 

Question 4. 4. (TCO 3) Security policies, regardless of level, should ensure that _____ of assets is distinguished, _____ of people is maintained, and that _____ is managed because that is the enemy of security. (Points : 5)

      [removed] sensitivity, separation of duties, technology
      [removed]
labels, responsibility, complexity
      [removed]
labels, accountability, technology
      [removed]
organization, accountability, complexity
      [removed]
sensitivity, separation of duties, complexity

 

Question 5. 5. (TCO 4) Privacy legislation is written to protect _____. (Points : 5)

      [removed] companies
      [removed]
managers
      [removed]
citizens
      [removed]
employees
      [removed]
All of the above

 

Question 6. 6. (TCO 5) Ideas can be evaluated using _____, which are _____ that are not meant to be _____. (Points : 5)

      [removed] models, controls, solutions
      [removed]
controls, abstractions, solutions
      [removed]
models, abstractions, solutions
      [removed]
solutions, controls, abstractions
      [removed]
models, controls, abstractions 

 

Question 7. 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

      [removed] closed-circuit television
      [removed]
a good security plan
      [removed]
an educated workforce
      [removed]
certified security staff
      [removed]
resources

 

Question 8. 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job–no more and no less–is called _____. (Points : 5)

      [removed] separation of duties
      [removed]
need to know
      [removed]
least privilege
      [removed]
minimal access
      [removed]
least common mechanism

 

Question 9. 9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points : 5)

      [removed] system files
      [removed]
application data
      [removed]
user access
      [removed]
networks supporting the IT infrastructure
      [removed]
the known good state 

 

Question 10. 10. (TCO 9) Access controls manage the use of _____ by _____ in an information system. (Points : 5)

      [removed] files, people
      [removed]
information resources, programs
      [removed]
objects, subjects
      [removed]
computer time, people
      [removed]
computer cycles, applications

 

Question 11. 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points : 5)

      [removed] messages, identities
      [removed]
data, identities
      [removed]
data, signatures
      [removed]
data, messages
      [removed]
messages, signatures 

 

Question 12. 12. (TCO 10) In a given city, there are a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points : 5)

      [removed] Internal certificate authority
      [removed]
Private extranet
      [removed]
Public VPN provider
      [removed]
IPSec tunnels
      [removed]
Utilize PGP

 

Question 13. 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _____. (Points : 5)

      [removed] packet-filtering router
      [removed]
circuit-level gateway
      [removed]
application-level gateway
      [removed]
stateful inspection firewall
      [removed]
bridge firewall

 

Question 14. 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points : 5)

      [removed] type a, type b
      [removed]
false positive, false negative
      [removed]
hardware, software
      [removed]
functional, assurance
      [removed]
performance, availability

 

Question 15. 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies? (Points : 5)

      [removed] System requirements
      [removed]
System design
      [removed]
Detailed design
      [removed]
Coding
      [removed]
Project inception

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>