Mixed Subject Flashcards
A potential problem related to the physical installation of the iris scanner, in regard to the usage of the iris pattern within a biometric system, is:
a. concern the laser beam may cause eye damage
b. the iris pattern changes as a person grows older
c. there is a relatively high rate of false accepts
d. the optical unit must be positioned so that the sun does not shine into the aperture
d. the optical unit must be positioned so that the sun does not shine into the aperture
In MAC (Mandatory Access Control), sensitivity labels attached to objects contain what information?
a. item's classification
b. item's classification and category set
c. item's category
d. item's need to know
b. item's classification and category set
How do we identify an organization's assets?
a. by its business drivers
b. its business mission
c. its business processes
d. all of the above
d. without knowing every aspect of the business it is almost impossible to correctly identify all of an organization's assets
Who makes decisions as to who should be allowed what kind of access to data? They must also ensure that data quality, integrity, and protection procedures are in place and working correctly.
subject, owner, controller, processor, data steward, data custodian or data protection officer?
owner
Who is described by, identified by, or otherwise related to the data in question?
subject, owner, controller, processor, data steward, data custodian or data protection officer?
the subject
Who determines the purposes and means for any actions involved with the use of personal data, whether for an employee, customer, or any other person? This role is held accountable to ensure that all actions required by the GDPR (or similar laws) are completed effectively and completely.
subject, owner, controller, processor, data steward, data custodian or data protection officer?
the controller
Who performs the tasks necessary to acquire or generate, use, modify or properly dispose of the data?
subject, owner, controller, processor, data steward, data custodian or data protection officer?
the processor
Who is commonly responsible for data content, context and associated business rules within the organization?
subject, owner, controller, processor, data steward, data custodian or data protection officer?
the data steward
Who is responsible for the protection of the data while it’s in their custody? That would mean safe custody, transport, storage and processing of the data, and the understanding of and compliance with policies in regard to the protection of the data.
subject, owner, controller, processor, data steward, data custodian or data protection officer?
data custodian
This role is appointed to advise the organization regarding all compliance aspects of processing data regarding a subject; it also acts as an interface to government agencies.
subject, owner, controller, processor, data steward, data custodian or data protection officer?
DPO
We say that everyone is responsible for information security, but who is ultimately responsible?
a. Everyone in the organization
b. IT security dept.
c. chief security information officer
d. senior leadership and management
d. senior leadership and management
What are the components of an object's sensitivity label?
a. a classification set and single compartment
b. single classification and single compartment
c. classification set and user credentials
d. a single classification and a compartment set
d. a single classification and a compartment set
What does it mean to say that sensitivity labels are “incomparable”?
a. the number of classifications in the two labels is different
b. neither label contains all the classifications of the other
c. the number of categories in the two labels is different.
d. neither label contains the categories of the other.
d. neither label contains the categories of the other.
Which of the following is true about Kerberos?
a. it utilizes public key cryptography
b. it encrypts data after a ticket is granted, but passwords are exchanged in plain text.
c. it depends on symmetric ciphers.
d. it is a secondary party authentication system.
c. it depends on symmetric ciphers.
Which of the following is needed for system accountability?
a. audit mechanisms
b. documented design as laid out in the common criteria.
c. authorization
d. formal verification of the system design.
a. audit mechanisms