(TCO 1) Security policy contains three kinds of rules as policy clauses. What are they?

Asked by bizgrad
Dated: 22nd Jun'15 11:11 AM

SEC360 final

 

Page 1

 

Question 1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)

Preventive, detective, and responsive

Prohibitive, permissive, and mandatory

Administrative, technical, and physical

Management, technical, and operational

Roles, responsibilities, and exemptions

 

 

Question 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points : 5)

technologies, domains, families

controls, families, domains

domains, families, technologies

principles, domains, families

controls, domains, principles

 

 

Question 3. (TCO 2) What are the effects of security controls? (Points : 5)

Confidentiality, integrity, and availability

Administrative, physical, and operational

Detection, prevention, and response

Management, operational, and technical

 

 

Question 4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points : 5)

assets, accountability, software

assets, separation of duties, complexity

software, separation of duties, complexity

software, accountability, people

people, separation of duties, technology

 

 

Question 5. (TCO 4) "There shall be a way for an individual to correct information in his or her records" is a clause that might be found in a _____. (Points : 5)

law

code of ethics

corporate policy

fair information practices statement

Any of the above

 

 

Question 6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points : 5)

criteria, models, solutions

controls, abstractions, solutions

solutions, abstractions, models

models, abstractions, solutions

models, controls, solutions

 

 

Question 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

closed-circuit television

a good security plan

an educated workforce

certified security staff

resources

 

 

Question 8. (TCO 7) The mission of the security operations center might best be described as _____. (Points : 5)

continuous monitoring

maintaining the known good state

policy enforcement

reporting to management

configuration management

 

 

Question 9. (TCO 8) Alternate sites used in disaster recovery would normally not include which of the following? (Points : 5)

Hot site

Cold site

Warm site

Shared site

Alternate site

 

 

Question 10. (TCO 9) The basic element of any access control model is a reference monitor that mediates access to _____ by _____. (Points : 5)

files, people

objects, subjects

files, principals

named resources, named users

computer time, applications

 

 

Question 11. (TCO 10) In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography. (Points : 5)

signatures, messages

messages, data

hash totals, messages

messages, hash totals

data, messages

 

 

Question 12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points : 5)

Use symmetric keys

Issue smart cards

Implement SSL

Use IPSec

Set up VPN connections

 

 

Question 13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)

Layer 1

Layer 2

Layer 3

Layer 4/7

applications

 

 

Question 14. (TCO 12) The two standard approaches to intrusion detection are _____ and _____. (Points : 5)

access control, firewall

anomaly, rule

policy, label

role, account

user, program

 

 

Question 15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, except for which one? (Points : 5)

Improved performance

Increased availability

Greater versatility

Efficient business models

Page 2

 

 

 

Question 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it: "People shall obey corporate policies." (Points : 15)

 

Question 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls--prevention, detection, and recovery. (Points : 15)

 

Question 3. (TCO 3) Briefly explain how defense in depth is a management strategy for security. (Points : 15)

 

Question 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points : 15)

 

Question 5. (TCO 5) Explain the effects of the three goals of information security. (Points : 15)

 

Question 6. (TCO 6) Briefly describe the idea of a smart card. (Points : 15)

 

Question 7. (TCO 7) Explain the purpose of a security operations center. (Points : 15)

 

Question 8. (TCO 8) Explain the term warm site. (Points : 15)

 

Page 3

 

 

Question 1. (TCO 9) Distinguish between an access control list and a capabilities list. (Points : 15)

 

Question 2. (TCO 10) Briefly explain why key management is a critical requirement for a good symmetric cryptographic solution. (Points : 15)

 

Question 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points : 15)

 

Question 4. (TCO 11) What is often another term for a bastion host? (Points : 15)

 

Question 5. (TCO 12) Explain what the symbol P(A|B) means. (Points : 15)

 

Question 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)

 

Question 7. (TCO 13) Briefly explain what object orientation is and what it is used for. (Points : 15)
