General Security Policy Procedures

Q1: Which of the following describes procedures?

  1. usually mandatory, improve efficiency, and guarantee adherence to general security policies.
  2. not usually mandatory, are more flexible, and guarantee adherence to general security policies
  3. usually required, the lowest level of the policy chain, and also known as practices
  4. accomplish consistency and uniformity and provide detailed steps that are used to perform specific tasks.

Q2: Which of the following is a security practice that calls for multiple overlapping or redundant security controls (technical, people and operations) to help prevent the compromise of a system or environment?

  1. Security Control
  2. Common Criteria
  3. Defense in Depth
  4. SABSA Framework

Q3: A security model defines and describes what protection mechanisms are to be used and what these controls are designed to achieve. Subjects of what model are allowed to access an object only if the security level of the subject is equal to or greater than that of the object?

  1. Clark Wilson Model
  2. Lattice Model
  3. Brewer and Nash Model
  4. Graham Denning Model

Q4: Recommended controls as identified by risk analysis, prioritization of risks and controls, and resources for implementing the controls are examples of what?

  1. Weighing the benefits of controls against their costs to justify the controls.
  2. Aspects of provisioning security in an organization.
  3. Deriving the overall risk rating (qualitative) for each threat
  4. A high level senior management statement of purpose and intent of the security posture of an enterprise.

Q5: Which of the following are the requirements for security architecture?

  1. business needs, regulations, legal needs, and partners
  2. control measure, concepts, legal needs, and partners
  3. best practices, measures, organizational processes, and regulation

Q6: To reduce the risk of a lost or stolen laptop, the CISO asks you to suggest a technology that interfaces with a standard hardware/software platform in order to allow the laptop to be secured to serve the interests of just one user. Which of the following technologies would you recommend?

  1. Virtual Machines
  2. Full Disk Encryption
  3. Trusted Platform Module
  4. Mobile Trusted Module

Q6: IA promises to provide effective ways to protect information systems. This can be challenging even with the most advanced technology and trained IT professionals. There are four categories of benefits related to effective information assurance. What are the tactical benefits of IA?

  1. Improved shareholder value, competitive advantage, and License to operate
  2. Understanding of business opportunities, Easier compliance, and better control
  3. Resilient Business Processes, Improved Customer Service, and Improved Responsiveness.
  4. Better Governance, Lower Costs, and Cheaper Equity
