10 questions
Which one of the following exposures associated with the spooling of sensitive reports for offline printing could be considered the most serious?
Other unauthorized copies of reports could be printed
Sensitive data may be read by operators
Data cannot be altered without authorization
Output would be lost in case of system failure
What is the Biba security model concerned with?
Reliability
Availability
Integrity
Confidentiality
Which one of the following is not a common integrity goal?
Maintain internal and external consistency
Prevent unauthorized users from making modifications
Prevent paths that could lead to inappropriate disclosure
Prevent authorized users from making improper modifications
Attributable data should be:
Often traced to individuals responsible for observing and recording the data
Never traced to individuals responsible for observing and recording the data
Sometimes traced to individuals responsible for observing and recording the data
Always traced to individuals responsible for observing and recording the data
Which one of the following questions is less likely to help in assessing controls covering audit trails?
Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?
Are incidents monitored and tracked until resolved?
Is access to online logs strictly controlled?
Does the audit trail provide a trace of user actions?
Which one of the following is not a method to protect objects and the data within the objects?
Layering
Data mining
Data hiding
Abstraction
What is a locking device that prevents unauthorized unplugging of cables from computer devices called?
Preset locks
Door delays
Cable trap
Slot locks
What does it mean if a system uses “Trusted Recovery”?
A failure or crash of the system cannot be used to breach security
A single account on the system has the administrative rights to recover or reboot the system after a crash
The recovery process is done from media that have been locked in a safe
There is no such principle as “Trusted Recovery” in security
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
They both involve rewriting the media
Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files
Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against a laboratory attack
Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which one of the following that the Orange Book did not address?
Integrity and availability
Integrity and confidentiality
Confidentiality and availability
Accessibility and confidentiality