Security Management Exercise Walkthrough (PPT courseware; this preview shows 5 of its 54 pages)
QUIZ 1 Which of the following is not a responsibility of a database administrator?
A Maintaining databases
B Implementing access rules to databases
C Reorganizing databases
D Providing access authorization to databases
Answer: D

QUIZ 2 According to governmental data classification levels, how would answers to tests and health care information be classified?
A Confidential
B Sensitive but unclassified
C Private
D Unclassified
Answer: B

QUIZ 3 According to private sector data classification levels, how would salary levels and medical information be classified?
A Confidential
B Public
C Private
D Sensitive
Answer: C

QUIZ 4 Which of the following are the steps of a common development process for creating a security policy, standards and procedures?
A design, development, publication, coding, testing
B design, evaluation, approval, publication, implementation
C initial and evaluation, development, approval, publication, implementation, maintenance
D feasibility, development, approval, implementation, integration
Answer: C

QUIZ 5 What is the main purpose of a security policy?
A to transfer the responsibility for information security to all users of the organization
B to provide detailed steps for performing specific actions
C to provide a common framework for all development activities
D to provide management direction and support for information security
Answer: D

QUIZ 6 Which of the following department managers would be best suited to oversee the development of an information security policy?
A Security administration
B Human resources
C Business operations
D Information systems
Answer: C

QUIZ 7 Which of the following is not a responsibility of an information owner?
A Running regular backups and periodically testing the validity of the backup data.
B Delegating the responsibility of data protection to data custodians.
C Periodically reviewing the classification assignments against business needs.
D Determining what level of classification the information requires.
Answer: A

QUIZ 8 Which of the following is not a goal of integrity?
A Prevention of the modification of information by unauthorized users.
B Prevention of the unauthorized or unintentional modification of information by authorized users.
C Prevention of the modification of information by authorized users.
D Preservation of internal and external consistency.
Answer: C

QUIZ 9 Why do many organizations require every employee to take a mandatory vacation of a week or more?
A To lead to greater productivity through a better quality of life for the employee.
B To reduce the opportunity for an employee to commit an improper or illegal act.
C To provide proper cross training for another employee.
D To allow more employees to have a better understanding of the overall system.
Answer: B

QUIZ 10 Which of the following would best relate to resources being used only for intended purposes?
A Availability
B Integrity
C Reliability
D Confidentiality
Answer: A

QUIZ 11 Security of computer-based information systems is which of the following?
A technical issue
B management issue
C training issue
D operational issue
Answer: B

QUIZ 12 Which of the following would be the first step in establishing an information security program?
A Development and implementation of an information security standards manual.
B Development of a security awareness-training program for employees.
C Purchase of security access control software.
D Adoption of a corporate information security policy statement.
Answer: D

QUIZ 13 Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center?
A Computer operations and system development
B System development and change management
C System development and systems maintenance
D Security administration and change management
Answer: C

QUIZ 14 Computer security should not:
A Cover all identified risks.
B Be cost-effective.
C Be examined in both monetary and non-monetary terms.
D Be proportionate to the value of IT systems.
Answer: A

QUIZ 15 Which of the following is most concerned with personnel security?
A Management controls
B Human resources controls
C Technical controls
D Operational controls
Answer: D

QUIZ 16 Which of the following is most likely given the responsibility for the maintenance and protection of the data?
A Security administrator
B User
C Data custodian
D Data owner
Answer: C

QUIZ 17 Who is responsible for providing reports to senior management on the effectiveness of the security controls?
A Information systems security professionals
B Data owners
C Data custodians
D Information systems auditors
Answer: D

QUIZ 18 Risk mitigation and risk reduction controls can be of which of the following types?
A preventive, detective, or corrective
B administrative, operational or logical
C detective, corrective
D preventive, corrective and administrative
Answer: A

QUIZ 19 Which of the following would best be classified as a management control?
A Review of security controls
B Documentation
C Personnel security
D Physical and environmental protection
Answer: A

QUIZ 20 What is the goal of the Maintenance phase in a common development process of a security policy?
A to present the document to the approving body
B to write a proposal to management that states the objectives of the policy
C publication within the organization
D to review the document on the specified review date
Answer: D

QUIZ 21 Which approach to a security program makes sure that the people actually responsible for protecting the company's assets are driving the program?
A The top-down approach
B The bottom-up approach
C The technology approach
D The Delphi approach
Answer: A

QUIZ 22 The preliminary steps to security planning include all of the following EXCEPT which of the following?
A Determine alternate courses of action
B Establish a security audit function.
C Establish objectives.
D List planning assumptions.
Answer: B

QUIZ 23 IT security measures should:
A Be tailored to meet organizational security goals.
B Make sure that every asset of the organization is well protected.
C Not be developed in a layered fashion.
D Be complex
Answer: A

QUIZ 24 Which of the following embodies all the detailed actions that personnel are required to follow?
A Baselines
B Procedures
C Guidelines
D Standards
Answer: B

QUIZ 25 Which of the following should NOT be addressed by employee termination practices?
A Deletion of assigned logon-ID and passwords to prohibit system access.
B Return of access badges.
C Employee bonding to protect against losses due to theft.
D Removal of the employee from active payroll files.
Answer: C

QUIZ 26 Preservation of confidentiality in information systems requires that the information is not disclosed to:
A Authorized persons and processes
B Unauthorized persons.
C Unauthorized persons or processes.
D Authorized persons
Answer: C

QUIZ 27 Which of the following statements pertaining to quantitative risk analysis is false?
A It requires a high volume of information
B It involves complex calculations
C It can be automated
D It involves a lot of guesswork
Answer: D

QUIZ 28 All except which of the following are not used to ensure integrity?
A compliance monitoring services
B intrusion detection services
C communications security management
D firewall services
Answer: A

QUIZ 29 Which of the following would violate the Due Care concept?
A Latest security patches for servers only being installed once a week
B Network administrator not taking the mandatory two-week vacation as planned
C Security policy being outdated
D Data owners not laying out the foundation of data protection
Answer: D

QUIZ 30 What does residual risk mean?
A Weakness of an asset which can be exploited by a threat
B Risk that remains after risk analysis has been performed
C The result of an unwanted incident
D The security risk that remains after controls have been implemented
Answer: D

QUIZ 31 Which of the following questions should any user not be able to answer regarding their organization's information security policy?
A Where is the organization's security policy defined?
B Who is involved in establishing the security policy?
C What are the actions that need to be performed in case of a disaster?
D Who is responsible for monitoring compliance with the organization's security policy?
Answer: C

QUIZ 32 In a properly segregated environment, which of the following tasks is compatible with the task of security administrator?
A Data entry
B Systems programming
C Quality assurance
D Applications programming
Answer: C

QUIZ 33 The major objective of system configuration management is which of the following?
A system maintenance
B system tracking
C system stability
D system operations
Answer: C

QUIZ 34 In an organization, an Information Technology security function should:
A Be independent but report to the Information Systems function.
B Be led by a Chief Security Officer and report directly to the CEO.
C Report directly to a specialized business unit such as legal, corporate security or insurance.
D Be a function within the information systems function of an organization.
Answer: B

QUIZ 35 Who should measure the effectiveness of security related controls in an organization?
A the central security manager
B the local security specialist
C the systems auditor
D the business manager
Answer: C

QUIZ 36 What is a difference between Quantitative and Qualitative Risk Analysis?
A fully qualitative analysis is not possible, while quantitative is
B quantitative provides formal cost/benefit analysis and qualitative does not
C there is no difference between qualitative and quantitative analysis
D qualitative uses strong mathematical formulas and quantitative does not
Answer: B

QUIZ 37 How is Annualized Loss Expectancy (ALE) derived from a threat?
A ARO x (SLE - EF)
B SLE x ARO
C SLE / EF
D AV x EF
Answer: B

QUIZ 38 One purpose of a security awareness program is to modify:
A attitudes of employees with sensitive data.
B corporate attitudes about safeguarding data.
C employees' attitudes and behaviors.
D management's approach.
Answer: C

QUIZ 39 Controls are implemented to:
A eliminate risk and reduce the potential for loss
B mitigate risk and eliminate the potential for loss
C eliminate risk and eliminate the potential for loss
D mitigate risk and reduce the potential for loss
Answer: D

QUIZ 40 Who should decide how a company should approach security and what security measures should be implemented?
A The information security specialist
B Auditor
C Senior management
D Data owner
Answer: C

QUIZ 41 Which of the following is the weakest link in a security system?
A People
B Communications
C Hardware
D Software
Answer: A

QUIZ 42 ISO 17799 is a standard for:
A Information Security Management
B Implementation and certification of basic security measures
C Certification of public key infrastructures
D Evaluation criteria for the validation of cryptographic algorithms
Answer: A

QUIZ 43 Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?
A Business and functional managers
B Chief information officer
C IT Security practitioners
D System and information owners
Answer: D

QUIZ 44 Related to information security, the guarantee that the message sent is the message received is an example of which of the following?
A integrity
B identity
C availability
D confidentiality
Answer: A

QUIZ 45 Which one of the following represents an ALE calculation?
A asset value x loss expectancy
B actual replacement cost - proceeds of salvage
C gross loss expectancy x loss frequency
D single loss expectancy x annualized rate of occurrence
Answer: D

QUIZ 46 Which of the following choices is NOT part of a security policy?
A description of specific technologies used in the field of information security
B definition of overall steps of information security and the importance of security
C statement of management intent, supporting the goals and principles of information security
D definition of general and specific responsibilities for information security management
Answer: A

QUIZ 47 Which of the following statements pertaining to a security policy is incorrect?
A It must be flexible to the changing environment.
B Its main purpose is to inform the users, administrators and managers of their obligatory requirement
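The formulas behind QUIZ 37 and QUIZ 45 (SLE = AV x EF, ALE = SLE x ARO), together with the cost/benefit point that QUIZ 36 makes about quantitative analysis, carried through as a worked example. This is added example code, not part of the original slide deck. The safeguard value test it applies (ALE before the control, minus ALE after it, minus the control's annual cost) and every asset value, exposure factor and rate below are assumptions of the example rather than figures from the slides.

```python
"""Quantitative risk analysis carried through for several threats.

Added example; not code from the original slide deck. Uses the two formulas
the quiz tests:

    SLE = AV x EF      single loss expectancy
    ALE = SLE x ARO    annualized loss expectancy

and then applies the safeguard cost/benefit test
    value = ALE(before) - ALE(after) - annual cost of the safeguard,
which is an assumption of this example, not a formula the slides state.
All asset values, exposure factors and rates are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    asset_value: float      # AV: value of the asset exposed to this threat
    exposure_factor: float  # EF: fraction of AV lost in one incident, 0..1
    aro: float              # ARO: expected incidents per year

    def __post_init__(self) -> None:
        # Reject inputs that would silently produce nonsense loss figures.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be in [0, 1]")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: what one incident costs (AV x EF)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected loss per year (SLE x ARO)."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    name: str
    threat: Threat
    annual_cost: float      # recurring cost of running the control
    residual_ef: float      # EF once the control is in place
    residual_aro: float     # ARO once the control is in place

    def residual_ale(self) -> float:
        """ALE that remains after the control is applied (residual risk)."""
        return Threat(self.threat.name, self.threat.asset_value,
                      self.residual_ef, self.residual_aro).ale()

    def annual_value(self) -> float:
        """Cost/benefit: positive means the control pays for itself."""
        return self.threat.ale() - self.residual_ale() - self.annual_cost


def rank_safeguards(safeguards):
    """Return (name, annual value) pairs, best value first."""
    return sorted(((s.name, s.annual_value()) for s in safeguards),
                  key=lambda pair: pair[1], reverse=True)


def justified_safeguards(safeguards):
    """Names of the controls whose annual value is positive."""
    return [name for name, value in rank_safeguards(safeguards) if value > 0]


# Constructed figures for illustration only (assumed, not from the slides).
RANSOMWARE = Threat("Ransomware on file server", asset_value=500_000,
                    exposure_factor=0.6, aro=0.5)
LAPTOP_THEFT = Threat("Laptop theft", asset_value=4_000,
                      exposure_factor=1.0, aro=4.0)
FLOOD = Threat("Data centre flood", asset_value=2_000_000,
               exposure_factor=0.25, aro=0.02)

SAFEGUARDS = [
    # Tested offline backups do not stop the intrusion (ARO unchanged) but cut
    # the share of the asset actually lost.
    Safeguard("Offline backups with tested restore", RANSOMWARE,
              annual_cost=40_000, residual_ef=0.1, residual_aro=0.5),
    # Disk encryption keeps the hardware loss but removes most of the data loss.
    Safeguard("Full-disk encryption on laptops", LAPTOP_THEFT,
              annual_cost=2_000, residual_ef=0.1, residual_aro=4.0),
    # Moving the site is expensive relative to a loss that is already rare.
    Safeguard("Relocate the data centre", FLOOD,
              annual_cost=60_000, residual_ef=0.25, residual_aro=0.002),
]

if __name__ == "__main__":
    for t in (RANSOMWARE, LAPTOP_THEFT, FLOOD):
        print(f"{t.name:35} SLE={t.sle():>12,.0f}  ALE={t.ale():>10,.0f}")
    for name, value in rank_safeguards(SAFEGUARDS):
        print(f"{name:35} annual value={value:>10,.0f}")
    print("Justified:", justified_safeguards(SAFEGUARDS))
```

The ranking is the point of doing the analysis quantitatively: the flood control cuts the ARO tenfold yet fails the test, because its annual cost exceeds the whole ALE it is protecting against, while the cheap laptop encryption is justified outright. Residual ALE here is the residual risk of QUIZ 30, and a control with a negative value is a candidate for accepting or transferring the risk instead.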
