Security Operations & Administration – Flashcards
question
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
answer
Guideline
question
A code of ethics provides for all but which of the following?
answer
Clearly defines the course of action to take when a complex issue is encountered
question
Computer policies include a special category called user rights. Which actions do they allow an administrator to perform?
answer
Identify users who can perform maintenance tasks on computers in the OU
question
Which of the following development modes is a method used by programmers while writing programs that allow for optimal control over coherence, security, accuracy, and comprehensibility?
answer
Structured programming
question
A process performed in a controlled environment by a third party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?
answer
Accreditation
question
All of the files on a company's protected network are backed up every 24 hours. The backup solution imposed on the network is designed to provide protection for what security service?
answer
Availability
question
You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use?
answer
Create a GPO computer policy for the computers in the Development OU
question
Which of the following is an action which must take place during the release stage of the SDLC?
answer
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered
question
By definition, which security concept ensures that only authorized parties can access data?
answer
Confidentiality
question
Who is assigned the task of judging the security system or network and granting it an approval to operate?
answer
Designated Approval Authority
question
When developing the totality of security policy documentation, what type of policy document will contain instructions or information on remaining in compliance with regulations and industry standards?
answer
Standards
question
In which phase of the system life cycle is software testing performed?
answer
Software Development
question
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk?
answer
Confidentiality
question
Which phase or step of a security assessment is a passive activity?
answer
Reconnaissance
question
Which of the following best describes the concept of due care or due diligence?
answer
Reasonable precautions, based on industry best practices, are utilized and documented
question
Which of the following is a representative example of a level assigned to a system that was evaluated through Common Criteria?
answer
EAL5
question
Which system operation mode is deployed so that the system operates at a single level of classification, and all users who can access the system have that same clearance level as well as a need to know for all of the data on the system?
answer
Dedicated
question
Which of the following is the best protection against security violations?
answer
Defense in depth
question
Who has the responsibility for the development of a security policy?
answer
Senior Management
question
Which of the following is not a protection against collusion?
answer
Cross training
question
Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
answer
The ST is a document that describes the security properties of a security product
question
Which of the following is not an element of the termination process?
answer
Dissolution of the NDA (non-disclosure agreement)
question
What is the primary purpose of imposing software life cycle management concepts?
answer
Increase the quality of software
question
If your organization relies on high-end customized software developed by an external company, what security protection should be implemented to protect yourself against the software developer going out of business?
answer
Code escrow
question
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?
answer
System administrator configures remote access privileges and the security officer reviews and activates each account
question
Which of the following defines layering with regard to system access control?
answer
Various tasks are divided in a hierarchical manner to provide security
question
Where are the goals and mission of an organization defined?
answer
Strategic security policy
question
Which statement is true regarding application of GPO settings?
answer
If a setting is defined in the Local Group Policy and is not defined in the GPO linked to the OU, the setting will be applied
question
You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. What protection does the private key signing activity of this process provide?
answer
Non-repudiation
question
Which of the following is the least reliable means to clean or purge media?
answer
Degaussing
question
In which phase of the system life cycle is security integrated into the product?
answer
Project initiation
question
Which of the following defines system high mode?
answer
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system
question
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?
answer
To check for evidence of fraud
question
You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?
answer
Integrity
question
Which of the following is not used by the reference monitor to determine levels of access?
answer
Ring architecture
question
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
answer
Disable Bluetooth on the phone
question
When a sender encrypts a message using their own private key, what security service is being provided to the recipient?
answer
Non-repudiation
question
What is the primary purpose of source code power?
answer
To obtain change rights over software after the vendor goes out of business
question
Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level?
answer
Confinement
question
Which of the following is a high-level, general statement about the role of security in the organization?
answer
Policy
question
Which of the following is a policy that defines appropriate and inappropriate activities and usage for company resources, assets, and communications?
answer
Acceptable use policy
question
Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
answer
Assurance
question
What is the principal purpose of change control?
answer
Prevent unmanaged change
question
You have a set of CD-Rs that you have used to store confidential product development data. Now that the project is over, you need to dispose of the discs. Which method should you use to dispose of the media?
answer
Shredding
question
The best way to initiate solid administrative control over an organization's employees is to have what element in place?
answer
Distinct job descriptions
question
Cell phones with cameras and data transfer capabilities pose a risk to which security goal?
answer
Confidentiality
question
Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
answer
Target of Evaluation (TOE)
question
Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
answer
Protection Profile (PP)