Security

Title of test:
Security

Description:
Security

Author:
Dr tarek

Creation Date:
14/01/2021

Category:
University

Number of questions: 75
Content:
it is perpetrated by a hacker using a PC to break into a system Direct attacks originate from the threat itself Attack A direct attack Indirect attack Control; safeguard; or countermeasure.
The design should not be secret; but rather depend on the possession of keys or passwords. Economy of mechanism Fail-safe defaults Complete mediation Open design.
Any event or circumstance that has the potential to adversely affect operations and assets. Subjects and objects of attack Threat Threat agent Threat event.
The need to secure the physical location of computer technology from outside threats Computer security Security Communications security Network security.
A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages Logical Design Implementation Maintenance and Change Software Assurance (SA).
A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system Threat source Vulnerability Accuracy Authenticity.
The SwA CBK; which is a work in progress; contains the following sections: Attack A direct attack Ethics; Law; and Governance Control; safeguard; or countermeasure.
Base access decisions on permission rather than exclusion. Economy of mechanism Fail-safe defaults Complete mediation open design.
Information security technologists and end users must recognize that both groups share the same overall goals of the organization—to ensure that data is available when; where; and how it is needed; with minimal delays or obstacles. Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
EX; it can be compromised by an attack (object) and then used to attack other systems (subject). Subjects and objects of attack Threat Threat agent Threat event.
Authorized users have legal access to a system; whereas hackers must gain illegal access to a system. information security C.I.A. triad Access Asset.
Secure Software Assurance (SwA) Common Body of Knowledge (CBK) examine two key questions Exploit Exposure What are the engineering activities or aspects of activities that are relevant to achieving secure software? Risk.
Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. Separation of privilege Least privilege Least common mechanism Psychological acceptability.
The SwA CBK; which is a work in progress; contains the following sections: Secure Software Processes Exposure Loss Risk.
The SwA CBK; which is a work in progress; contains the following sections: Exploit Exposure Loss Secure Software Requirements.
A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. Threat source Vulnerability Accuracy Authenticity.
Where feasible; a protection mechanism should require two keys to unlock; rather than one. Separation of privilege Least privilege Least common mechanism Psychological acceptability.
A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned. chief information officer (CIO) chief information security officer (CISO) Project team Champion.
To protect the confidentiality of information; you can use several measures; including the following: Information classification A direct attack Indirect attack Control; safeguard; or countermeasure.
The SwA CBK; which is a work in progress; contains the following sections: Nature of Dangers Vulnerability Accuracy Authenticity.
A subset of communications security; the protection of voice and data; Networking components; connections; and content. Computer security Security Communications security Network security.
People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. Team leader Security policy developers Risk assessment specialists Security professionals.
For detecting a virus or worm is to look for changes in file integrity; as shown by Attack File hashing Indirect attack Control; safeguard; or countermeasure.
A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure Computer security Security Communications security Network security.
Every access to every object must be checked for authority Economy of mechanism Fail-safe defaults Complete mediation Open design.
A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle Logical Design Implementation Maintenance and Change Software Assurance (SA).
A formal approach to solving a problem based on a structured sequence of procedures Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
The CIO translates the strategic plans of the organization as a whole into strategic information plans for the information systems or data processing division of the organization. An executive-level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organization’s information. chief information officer (CIO) chief information security officer (CISO) Project team Champion.
The protection of all communications media; technology; and content Computer security Security communications security Network security.
A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization chief information officer (CIO) chief information security officer (CISO) Project team Champion.
Keep the design as simple and small as possible. Economy of mechanism Fail-safe defaults Complete mediation open design.
The specific instance or a component of a threat. Subjects and objects of attack Threat Threat agent Threat event.
To protect the confidentiality of information; you can use several measures; including the following: Threat source Vulnerability Accuracy Education of information custodians and end users.
The SwA CBK; which is a work in progress; contains the following sections: Availability Confidentiality Confidentiality Secure Software Sustainment.
The SwA CBK; which is a work in progress; contains the following sections: Threat source Vulnerability Acquisition of Secure Software Authenticity.
The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. Systems administrators End users data custodians Security as Art.
In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. Logical Design Implementation Maintenance and Change Software Assurance (SA).
Social science examines the behavior of people as they interact with systems; whether they are societal systems or; as in this context; information systems Security as Science Security as a Social Science delete.
A set of information that could uniquely identify an individual Availability Confidentiality Integrity Personally Identifiable Information (PII).
Those whom the new system will most directly affect. Ideally; a selection of users from various departments; levels; and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard Systems administrators End users data custodians Security as Art.
Technology developed by computer scientists and engineers—which is designed for rigorous performance levels—makes information security a science as well as an art Security as Science Security as a Social Science delete.
The SwA CBK; which is a work in progress; contains the following sections: Availability Confidentiality Secure Software Verification; Validation; and Evaluation Personally Identifiable Information (PII).
Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program Hardware Data People Procedures.
The organizational resource that is being protected. information security C.I.A. triad Access Asset.
It is essential that the human interface be designed for ease of use; so that users routinely and automatically apply the protection mechanisms correctly Separation of privilege Least privilege Least common mechanism Psychological acceptability.
People who understand financial risk assessment techniques; the value of organizational assets; and the security methods to be used Team leader Security policy developers Risk assessment specialists Security professionals.
To protect the confidentiality of information; you can use several measures; including the following: Exploit Secure document storage Loss risk.
An attribute of information that describes how data is whole; complete; and uncorrupted. Availability Confidentiality Integrity Personally Identifiable Information (PII).
In the implementation phase; any needed software is created. Logical Design Implementation Maintenance and Change Software Assurance (SA).
A formal approach to solving a problem based on a structured sequence of procedures. focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles. Methodology Systems Development Life Cycle (SDLC) Waterfall SDLC DevOps SDLC.
The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability. information security C.I.A. triad Access Asset.
It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices. Hardware Data People Procedures.
Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Separation of privilege Least privilege Least common mechanism Psychological acceptability.
Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning; we will use the term information to represent both unprocessed data and actual information. Hardware Data People Procedures.
Typically considered the top information security officer in an organization chief information officer (CIO) chief information security officer (CISO) Project team Champion.
Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. Team leader Security policy developers Risk assessment specialists Security professionals.
The SwA CBK; which is a work in progress; contains the following sections: Secure Software Design Threat Threat agent Threat event.
A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker Exploit Exposure loss risk.
For detecting a virus or worm is to look for changes in file integrity; as shown by The file size Confidentiality Integrity Personally Identifiable Information (PII).
To protect the confidentiality of information; you can use several measures; including the following: Subjects and objects of attack Threat Application of general security policies Threat event.
An attribute of information that describes how the data’s ownership or control is legitimate or authorized. Possession Utility Information System (IS) Software.
It includes applications (programs); operating systems; and assorted command utilities Possession Utility Information System (IS) Software.
Protection of the confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education; training and awareness; and technology information security C.I.A. triad Access Asset.
The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse. Possession Utility Information System (IS) Software.
Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information. Systems administrators End users data custodians Security as Art.
A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems Networks Balancing Information Security and Access Bottom-up approach Top-down approach.
A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain Exploit Exposure loss risk.
A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements. Team leader Security policy developers Risk assessment specialists Security professionals.
The SwA CBK; which is a work in progress; contains the following sections: Subjects and objects of attack Secure Software Project Management Threat agent Threat event.
The probability of an unwanted occurrence; such as an adverse event or loss. Exploit Exposure Loss Risk.
A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.” Threat source Vulnerability Accuracy Authenticity.
It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat Attack A direct attack Indirect attack Control; safeguard; or countermeasure.