Security Operations & Administration
Which of the following is a recommendation to use when a specific standard or procedure does not exist?
A code of ethics provides for all but which of the following
Clearly defines course action to take when a complex issue is encountered
Computer policies include a special category called user rights. Which actions do they allow an administrator to perform?
Identify users who can perform maintenance tasks on computers in the OU
Which of the following development modes is a method used by programmers while writing programs that allow for optimal control over coherence, security, accuracy, and comprehensibility?
A process performed in a controlled environment by a third party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as?
All of the files on a companies protected network are backed up every 24 hours. The backup solution imposed on the network is designed to provide protection for what security service?
You want to ensure that all users in the Development OU use specific network communication security settings when transmitting files. Which method should you use?
Create a GPO computer policy for the computers in the Development OU
Which of the following is an action which must take place during the release stage of the SDLC
Vendors develop and release patches in response to exploited vulnerabilities that have been discovered
By definition, which security concept ensures that only authorized parties can access data?
Who is assigned the task of judging the security system or network and granting it an approval to operate?
Designated Approval Authority
When developing the totality of security policy documentation, what type of policy document will contain instructions or information on remaining in compliance with regulations and industry standards?
In which phase of the system life cycle is software testing performed?
A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk?
Which phase or step of a security assessment is a passive activity?
Which of the following best describes the concept of due care or due diligence?
Reasonable precautions, based on industry best practices, are utilized and documented
Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria?
Which is the operation mode of the system that is deployed in such a way so that it operates at a single level of classification and all users who can access the system all have that same specific clearance level as well as all of the need to know over all the data on the system?
Which of the following is the best protection against security violations?
Defense in depth
Who has the responsibility for the development of a security policy?
Which of the following is not a protection against collusion?
Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system?
The ST is a document that describes the security properties of a security product
Which of the following is not an element of the termination process?
Dissolution of the NDA (non-disclosure agreement)
What is the primary purpose of imposing software life cycle management concepts?
Increase the quality of software
If your organization relies on high-end customized software developed by an external company, what security protection should be implemented to protect yourself against the software developer going out of business?
Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept?
System administrator configures remote access privileges and the security officer reviews and activates each account
Which of the following defines layering in regards to system access control?
Various tasks are divided into a hierarchical manner to provide security
What are the goals and mission of an organization defined?
Strategic security policy
Which statement is true regarding application of GPO settings?
If a setting is defined in the Local Group Policy and is not defined in the GPO linked to the OU, the setting will be applied
You’ve crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to you message as a digital signature before sending it to the other user? What protection does the private key signing activity of this process provide?
Which of the following is the least reliable means to clean or purge media?
In which phase of the system life cycle is security integrated into the product?
Which of the following defines system high mode?
All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system
What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year?
To check for evidence of fraud
You’ve crafted a message to be sent to another user. Before, transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide?
What of the following is not used bu the reference monitor to determine levels of access?
Which of the following is the best protection to prevent attacks on mobile phones through the Bluetooth protocol?
Disable Bluetooth on the phone
When a sender encrypts a message using their own private key, what security service is being provided to the recipient?
What is the primary purpose of source code power?
To obtain change rights over software after the vendor goes out of business
Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level?
Which of the following is a high-level, general statement about the role of security in the organization?
Which of the following is a policy that defines appropriate and inappropriate activities and usage for company resources, assets, and communications?
Acceptable use policy
Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted?
What is the principal purpose of change control?
Prevent un-managed change
You have a set of CD-Rs that you have used to store confidential product development data. Now that the project is over, you need to dispose of the discs. Which method should you use to dispose of the media?
The best ways to initiate solid administrative control over an organizations employees is to have what element in place?
Distinct job descriptions
Cell phones with cameras and data transfer capabilities pose a risk to which security goal?
Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system?
Target of Evaluation (TOE)
Which of the following components of Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose?
Protection Profile (PP)