Description of this paper

sec 360 timed 3 hours to complete

Description

solution


Question

1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points: 5) Preventive, detective, and responsive;Prohibitive, permissive, and mandatory;Administrative, technical, and physical;Management, technical, and operational;Roles, responsibilities, and exemptions;Question 2. 2. (TCO 2) The 10 IISSCC _____ cover 17 NIST control _____ which are arranged in three _____ called management, operational, and technical. (Points: 5) controls, domains, principles;domains, families, classes;principles, domains, families;domains, families, technologies;technologies, domains, families;Question 3. 3. (TCO 2) What are the pillars of security? (Points: 5) Confidentiality, integrity, and availability;Detection, prevention, and recovery;People, process, and technology;Administration, technology, and operation;Question 4. 4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points: 5) assets, accountability, software;assets, separation of duties, complexity;software, separation of duties, complexity;software, accountability, people;people, separation of duties, technology;Question 5. 5. (TCO 4) Privacy legislation is written to protect _____. (Points: 5) companies;managers;citizens;employees;All of the above;Question 6. 6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points: 5) criteria, models, solutions;controls, abstractions, solutions;solutions, abstractions, models;models, abstractions, solutions;models, controls, solutions;Question 7. 7. (TCO 6) Many believe that the most important physical security control is _____. (Points: 5) closed-circuit television;a good security plan;an educated workforce;certified security staff;resources;Question 8. 8. (TCO 7) The controls that are used by a security operations center including vulnerability management, threat monitoring, and situation reporting from a variety of sensors are used to assess _____. (Points: 5) status;readiness;known good state;compliance monitoring;intrusion detection;Question 9. 9. (TCO 8) A business impact analysis prioritizes systems for recovery. What are the highest priority systems called? (Points: 5) Mission-critical systems;Security Operations Center systems;Mission-essential systems;Backup and recovery systems;Administrative systems;Question 10. 10. (TCO 9) Mandatory access control uses labels and rules to mediate access to _____ by _____. (Points: 5) objects, subjects;files, people;computer cycles, applications;information assets, people;information assets, network devices;Question 11. 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points: 5) messages, identities;data, identities;data, signatures;data, messages;messages, signatures;Question 12. 12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points: 5) Use symmetric keys;Issue smart cards;Implement SSL;Use IPSec;Set up VPN connections;Question 13. 13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points: 5) Layer 1;Layer 2;Layer 3;Layer 4/7;applications;Question 14. 14. (TCO 12) A good intrusion detection system will have all of the characteristics of the _____ model and will be flexible enough to adapt to _____. (Points: 5) Bell LaPadula, mandatory access control;reference monitor, vulnerabilities;Biba, vulnerabilities;OSI, loss of availability;reference monitor, loss of availability;Question 15. 15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, expect for which one? (Points: 5) Improved performance;Increased availability;Greater versatility;Efficient business models 1. (TCO 1) What is wrong with this policy compliance clause? Show how you could fix it. People who violate this policy are subject to sanctions. (Points: 15);Question 2. 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls--prevention, detection, and recovery. (Points: 15);Question 3. 3. (TCO 3) Briefly explain the "principle" that states that security = risk management. (Points: 15);Question 4. 4. (TCO 4) Briefly explain how law relates to a decision to "counterattack" a hacker that has attacked your system, and then briefly explain how ethics may relate to a decision to "counterattack" a hacker that has attacked your system. (Points: 15);Question 5. 5. (TCO 5) Explain the effects of the three goals of information security. (Points: 15);Question 6. 6. (TCO 6) Briefly explain the idea of a mantrap. (Points: 15);Question 7. 7. (TCO 7) Explain what media disposition means. (Points: 15);Question 8. 8. (TCO 8) Explain the term warm site. (Points: 15) 1. (TCO 9) Explain the advantage of role-based access controls. (Points: 15);Question 2. 2. (TCO 10) Name the two uses of a private key in asymmetric cryptography. (Points: 15);Question 3. 3. (TCO 11) Firewalls can implement four kinds of controls: behavior, user, direction, and service controls. Briefly explain what service controls are. (Points: 15);Question 4. 4. (TCO 11) With regard to application-level gateway firewalls, determine the added costs in terms of the activities and resources required to effectively use them. (Points: 15);Question 5. 5. (TCO 12) For intrusion detection, briefly explain what Type 1 and Type 2 errors are. (Points: 15);Question 6. 6. (TCO 12) Summarize the benefits of application-level gateways. (Points: 15);Question 7. 7. (TCO 13) Explain what a virus is, pointing out how it is different from a worm. (Points: 15)

 

Paper#69919 | Written in 18-Jul-2015

Price : $47
SiteLock