sec 360 quiz

Question 1. (TCO 1) What are the three kinds of security policy clauses called? (Points : 5)

       Shalls (mandatory), shall nots (prohibitive), and may (permissive)
       Mandatory, discretionary, and role based
       Mandatory, tentative, and optional
       Responsibilities, compliance, and roles
       Access control, identification, and authentication

Question 2. (TCO 1) Threat and vulnerability are used to _____. (Points : 5)

       calculate cost
       choose controls
       manage security
       sell security
       estimate consequences

Question 3. (TCO 1) An organization’s security posture is defined and documented in _____ that must exist before any computers are installed. (Points : 5)

       standards
       guidelines
       procedures
       tolerance for risk
       All of the above

Question 4. (TCO 1) According to the CBK, the goals of information security policy are _____. (Points : 5)

       confidentiality, integrity, and accountability
       compliance, integrity, and access control
       confidentiality, integrity, and availability
       compliance, identification, and authentication
       confidentiality, identity, and authenticity

Question 5. (TCO 2) The umbrella of information security includes all of the following, except _____. (Points : 5)

       incident response
       key management
       business readiness
       security testing
       training and awareness

Question 6. (TCO 2) A security event that causes damage is called _____. (Points : 5)

       a compromise
       a violation
       an incident
       a mishap
       a transgression

Question 7. (TCO 2) Which of the following is not a common class of ratings for safes? (Points : 5)

       B-rate
       C-rate
       ULTL-30
       ULTL-40
       ULTL-15

Question 8. (TCO 2) What are the effects of security controls? (Points : 5)

       Confidentiality, integrity, and availability
       Administrative, physical, and operational
       Detection, prevention, and response
       Management, operational, and technical
       None of the above

Question 9. (TCO 1) Policies and procedures are often referred to as _____. (Points : 5)

       models
       a necessary evil
       guidelines
       documentation

Question 10. (TCO 2) Which of the following topics is not covered in the Operations Security domain? (Points : 5)

       Personnel and roles
       Resource protection
       Project management
       Operations department responsibility