Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demo, and even some samples. What type of document should Ned send to the vendor?
SIMULATION -
Fill in the blank with an appropriate phrase. An ________ is an intensive application of the OPSEC process to an existing operation or activity by a multidiscipline team of experts.
Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution.
Choose three.
A. It ensures that unauthorized modifications are not made to data by authorized personnel or processes.
B. It determines the actions and behaviors of a single individual within a system.
C. It ensures that modifications are not made to data by unauthorized personnel or processes.
D. It ensures that internal information is consistent among all subentities and also consistent with the real-world, external situation.
You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.
A. Use encrypted authentication.
B. Use the SSL protocol.
C. Use the EAP protocol.
D. Use Basic authentication.
Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?
A. Configuration management
B. Risk management
C. Procurement management
D. Change management
Question 7
Contingency Management
Question 8
Systems Lifecycle Management
Question 9
Security Operations
Question 10
Security Operations
Question 11
Security Operations
Question 12
Security Operations
Question 13
Security Operations
Question 14
Security Operations
Question 15
Law, Ethics, and Security Compliance Management
Question 16
Security Operations
Question 17
Risk Management
Question 18
Security Operations
Question 19
Systems Lifecycle Management
Question 20
Security Operations
Question 21
Risk Management
Question 22
Risk Management
Question 23
Law, Ethics, and Security Compliance Management
Question 24
Systems Lifecycle Management
Question 25
Systems Lifecycle Management
Question 26
Risk Management
Which of the following elements of the BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?
A. Business continuity plan development
B. Business impact assessment
C. Scope and plan initiation
D. Plan approval and implementation
Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Vulnerability Assessment and Penetration Testing
B. Security Certification and Accreditation (C&A)
C. Change and Configuration Control
D. Risk Adjustments
Which of the following statements is related to the first law of OPSEC?
A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don't know what to protect, how do you know you are protecting it?
C. If you don't know about your security resources you could not protect your network.
D. If you don't know the threat, how do you know what to protect?
You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly.
What type of security audit do you need to conduct to resolve the problem?
A. Operational audit
B. Dependent audit
C. Non-operational audit
D. Independent audit
Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?
A. Thermal alarm systems
B. Closed circuit cameras
C. Encryption
D. Security Guards
Which of the following are examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.
A. Security awareness training
B. Security policy
C. Data Backup
D. Auditing
Which of the following statements is related to the second law of OPSEC?
A. If you are not protecting it (the critical and sensitive information), the adversary wins!
B. If you don't know what to protect, how do you know you are protecting it?
C. If you don't know about your security resources you could not protect your network.
D. If you don't know the threat, how do you know what to protect?
Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?
A. Data diddling
B. Wiretapping
C. Eavesdropping
D. Spoofing
Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the workplace. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution. Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.
A. Names of the victims
B. Location of each incident
C. Nature of harassment
D. Date and time of incident
Which of the following are ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.
A. TLS
B. PGP
C. S/MIME
D. IPSec
Which of the following characteristics are described by the DIAP Information Readiness Assessment function? Each correct answer represents a complete solution. Choose all that apply.
A. It performs vulnerability/threat analysis assessment.
B. It identifies and generates IA requirements.
C. It provides data needed to accurately assess IA readiness.
D. It provides for entry and storage of individual system data.
Which of the following is the best method to stop vulnerability attacks on a Web server?
A. Using strong passwords
B. Configuring a firewall
C. Implementing the latest virus scanner
D. Installing service packs and updates
Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?
A. Managed level
B. Defined level
C. Fundamental level
D. Repeatable level
Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.
A. It can be achieved by installing service packs and security updates on a regular basis.
B. It is used for securing the computer hardware.
C. It can be achieved by locking the computer room.
D. It is used for securing an operating system.
Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."
A. Monitor and Control Risks
B. Identify Risks
C. Perform Qualitative Risk Analysis
D. Perform Quantitative Risk Analysis
You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?
A. Risk management plan
B. Lessons learned documentation
C. Risk register
D. Stakeholder management strategy
Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?
A. SSAA
B. FITSAF
C. FIPS
D. TCSEC
Which of the following analyses provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?
A. Vulnerability analysis
B. Cost-benefit analysis
C. Gap analysis
D. Requirement analysis
What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?
A. Scope Verification
B. Project Management Information System
C. Integrated Change Control
D. Configuration Management System
You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?