Terms in this set (20)

In the Clark-Wilson security model, what are the two levels of integrity?
A. Host and network
B. Integrity verification processes (IVPs) and transformation processes (TPs)
C. Ring and Low-Water-Mark
D. Constrained data items (CDIs) and unconstrained data items (UDIs)
Answer: Constrained data items (CDIs) and unconstrained data items (UDIs)

Which security model uses transactions as the basis for its rules?
A. Biba
B. Bell-LaPadula
C. Simple Security
D. Clark-Wilson
Answer: Clark-Wilson

Which term describes a means of separating the operation of an application from the rest of the operating system?
A. Complete mediation
B. Separation of duties
C. Sandboxing
D. Reverse-engineering
Answer: Sandboxing

T/F? In the Biba model, instead of security classifications, integrity levels are used.
Answer: True

Which term refers to the invocation of conditions that fall outside the normal sequence of operation?
A. Exceptions
B. Least privilege
C. Economy of mechanism
D. Fail-safe defaults
Answer: Exceptions

Which security principle refers to the concept that each and every request should be verified?
A. Least privilege
B. Separation of duties
C. Economy of mechanism
D. Complete mediation
Answer: Complete mediation

Which term refers to making different layers of security dissimilar so that even if attackers know how to get through a system that comprises one layer, they may not know how to get through a different type of layer that employs a different system for security?
A. Sandboxing
B. Reverse-engineering
C. Diversity of defense
D. Economy of mechanism
Answer: Diversity of defense

Which security principle is described as always using simple solutions when available?
A. Least common mechanism
B. Fail-safe defaults
C. Economy of mechanism
D. Open design
Answer: Economy of mechanism

Which term describes the process where individuals analyze the binaries for programs to discover embedded passwords or cryptographic keys?
A. Complete mediation
B. Separation of duties
C. Sandboxing
D. Reverse-engineering
Answer: Reverse-engineering

T/F? The principle of open design holds that the protection of an object should rely upon secrecy of the protection mechanism itself.
Answer: False

The entity that implements a chosen security policy and enforces those characteristics deemed most important by the system designers is known as the __________.
A. Security model
B. Group policy
C. CIA model
D. NIST Cyber Security Framework
Answer: Security model

Which security concept uses the approach of protecting something by hiding it?
A. Least common mechanism
B. Security through obscurity
C. Economy of mechanism
D. Open design
Answer: Security through obscurity

Which equation describes the operational model of security?
A. Prevention = Protection + (Detection + Response)
B. Prevention = Protection + (Detection x Response)
C. Protection = Prevention + (Detection + Response)
D. Protection = Prevention + (Detection x Response)
Answer: Protection = Prevention + (Detection + Response)

What term refers to the boundary around a system where external inputs can interact with a system?
A. Low-Water-Mark
B. Encapsulated bubble
C. Fortress
D. Attack surface
Answer: Attack surface

Which term is used when separation of privilege is applied to people?
A. Security through obscurity
B. Diversity of defense
C. Nonrepudiation
D. Separation of duties
Answer: Separation of duties

T/F? Exception handling is an important consideration during software development.
Answer: True

Where do changes in trust occur?
A. At the Low-Water-Mark
B. At the firewall
C. At the trust boundary
D. At the physical layer of the OSI model
Answer: At the trust boundary

Which confidentiality model is defined by controlling read and write access based on conflict of interest rules?
A. Bell-LaPadula security model
B. Biba security model
C. Brewer-Nash security model
D. Ring policy security model
Answer: Brewer-Nash security model

What is one of the most fundamental principles in security?
A. Open design
B. Complete mediation
C. Least privilege
D. Economy of mechanism
Answer: Least privilege

Which security principle is characterized by the use of multiple, different defense mechanisms with a goal of improving the defensive response to an attack?
A. Sandboxing
B. Defense in depth
C. Reverse-engineering
D. Complete mediation
Answer: Defense in depth
What security design principle states that protection mechanisms should not depend upon secrecy of the mechanism itself?
Protection = Prevention + (Detection + Response)
This security design principle states protection mechanisms should not impact users, or if they do, the impact should be minimal.
Which security principle is characterized by the use of multiple different defense mechanisms?
Defense in depth is a principle characterized by the use of multiple, different defense mechanisms with the goal of improving the defensive security posture.

What security design principle states that secrecy itself cannot be relied upon as a means of protection?
The principle of open design states that the security of a mechanism should not depend on the secrecy of its design or implementation. Designers and implementers of a program must not depend on secrecy of the details of their design and implementation to ensure security.

What is one of the most fundamental principles in security?
The fundamental principles (tenets) of information security are confidentiality, integrity, and availability. Every element of an information security program (and every security control put in place by an entity) should be designed to achieve one or more of these principles. Together, they are called the CIA Triad.