Quiz2_Answers Flashcards
- Database transactions must be durable. This means that…
a) Transactions are executed separately from each other
b) All or none of the instructions in a transaction must be executed
c) When the transaction is complete, the database must again be consistent with the rules, as it was before the transaction was executed
d) Once transactions have been committed to the database, their effects must be preserved
d) Once transactions have been committed to the database, their effects must be preserved
- Which one of the following statements is true?
a) Qualitative analysis requires specific dollar valuations of assets
b) Quantitative analysis requires subjective inputs from analysts
c) A purely quantitative risk analysis is usually not sufficient since there are aspects that cannot be quantified
c) A purely quantitative risk analysis is usually not sufficient since there are aspects that cannot be quantified
- Which of the following mechanisms can reduce the risk of collusion? Check all that apply. Pick 2.
a) Background checks
b) Separation of duties
c) Job rotation
d) Nondisclosure agreements
b) Separation of duties c) Job rotation
- Which of the following protocols are used by email clients to retrieve email messages from an email server? Check all that apply.
a) Post Office Protocol version 3 (POP3)
b) Simple Mail Transfer Protocol (SMTP)
c) Internet Message Access Protocol (IMAP)
a) Post Office Protocol version 3 (POP3) c) Internet Message Access Protocol (IMAP)
- Which one of the following types of documents provides a step-by-step description of the actions necessary to implement specific security solutions?
a) Security policy
b) Standards
c) Baselines
d) Guidelines
e) Procedures
e) Procedures
- Which of the following statements about Network Address Translation (NAT) are correct? Check all that apply.
a) NAT is a mechanism for converting internal IP addresses in a private network into public IP addresses for transmission over the Internet
b) When a packet is received from a client, NAT changes the source address to the NAT’s address
c) Dynamic NAT permanently assigns a specific external IP address to an internal host
d) Stateful NAT operates by maintaining a mapping between requests made by internal clients, a client’s internal IP address, and the IP address of the Internet service contacted
a) NAT is a mechanism for converting internal IP addresses in a private network into public IP addresses for transmission over the Internet
b) When a packet is received from a client, NAT changes the source address to the NAT’s address
d) Stateful NAT operates by maintaining a mapping between requests made by internal clients, a client’s internal IP address, and the IP address of the Internet service contacted
- The first step of risk analysis is asset inventory. This phase includes (check all that apply) …
a) Listing all assets
b) Calculating the likelihood of each threat.
c) Listing all countermeasures for each threat.
d) Assigning a dollar value to each asset
a) Listing all assets d) Assigning a dollar value to each asset
- The percentage loss an asset’s value would experience in the event that a threat becomes realized is called …
a) Annualized loss expectancy (ALE)
b) Annualized rate of occurrence (ARO)
c) Single loss expectancy (SLE)
d) Exposure factor (EF)
d) Exposure factor (EF)
- Which one of the following methods puts a system into a high level of security upon detection of a failure?
a) Limit checks
b) Fail-secure
c) Fail-Open
b) Fail-secure
- You are a software development manager starting a new development project. You want to focus the development process around user stories. The development process must be efficient and have multiple iterations as changes and requirements are discovered. Which development methodology should you use?
a) Agile
b) Waterfall
c) Spiral
d) Rapid application development
a) Agile
- The information system security plan is an important deliverable in which of the following processes?
a) Configuration management
b) System development life cycle
c) Network monitoring
d) Continuous assessment
b) System development life cycle
- Risk management activities are performed for periodic system re-authorization in which of the following system development life cycle (SDLC) phases?
a) Initiation
b) Development/Acquisition
c) Implementation
d) Operation/maintenance
d) Operation/maintenance
- From a risk mitigation viewpoint, which of the following is not an example of system protection controls that are part of supporting technical security controls?
a) Modularity
b) Layering
c) Need-to-know
d) Access controls
d) Access controls
- What is the main feature of software configuration management (SCM)?
a) Tracing of all software changes
b) Identifying individual components
c) Using computer-assisted software engineering tools
d) Using compilers and assemblers
a) Tracing of all software changes
- Which of the following are not the responsibilities of the configuration control review board?
1) Discussing change requests
2) Conducting impact analysis of changes
3) Requesting funding to implement changes
4) Notifying users of system changes
a) 1 and 2
b) 1 and 3
c) 2 and 4
d) 3 and 4
c) 2 and 4
- In the application security environment, system or network transparency is achieved through which of the following security principles?
a) Process isolation and hardware segmentation
b) Abstraction and accountability
c) Security kernel and reference monitor
d) Complete mediation and open design
a) Process isolation and hardware segmentation
- Which of the following levels of the software capability maturity model (CMM) is the most basic in establishing discipline and control in the software development process?
a) Initial level
b) Defined level
c) Repeatable level
d) Managed level
c) Repeatable level
- The prudent man concept is related to which of the following?
a) Due care and due permissions
b) Due care and due rights
c) Due care and due diligence
d) Due care and due privileges
c) Due care and due diligence
- Which of the following internetworking devices sends traffic addressed to a remote location from a local-area network (LAN) over the wide-area network (WAN) to the remote destination?
a) Bridge
b) Router
c) Brouter
d) Backbone
b) Router
- Which of the following is implemented in the Version 3 of X.509 protocol?
a) SSL
b) Regular MIME
c) SHA
d) S/MIME
d) S/MIME
- Which of the following can protect non-IP protocols?
a) IPsec
b) PPTP
c) L2TP
d) L2F
c) L2TP