
Question


1.

An information security program should include the following elements:

A. Disaster recovery and business continuity planning, and definition of access control requirements and human resources policies.

B. Business impact, threat and vulnerability analysis, delivery of an information security awareness program, and physical security of key installations.

C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.

D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems.

2.

Which of the following refers to a series of characters used to verify a user's identity?

A. Token serial number

B. User ID

C. Password

D. Security ticket

3.

Security of an automated information system is most effective and economical if the system is?

A. optimized prior to addition of security.

B. customized to meet the specific security threat.

C. subjected to intense security testing.

D. designed originally to meet the information protection needs.

4.

The act of obtaining information of a higher level of sensitivity by combining information from lower levels of sensitivity is called?

A. Aggregation

B. Data mining

C. Inference

D. Polyinstantiation

5.

Which of the following is the least important information to record when logging a security violation?

A. User's name

B. User ID

C. Type of violation

D. Date and time of the violation

6.

The goal of cryptanalysis is to?

A. forge coded signals that will be accepted as authentic.

B. ensure that the key has no repeating segments.

C. reduce the system overhead for cryptographic functions.

D. determine the number of encryption permutations required.

7.

Pretty Good Privacy (PGP) provides?

A. confidentiality, integrity, and authenticity.

B. integrity, availability, and authentication.

C. availability, authentication, and non-repudiation.

D. authorization, non-repudiation, and confidentiality.

8.

Which of the following transaction processing properties ensures once a transaction completes successfully (commits), the updates survive even if there is a system failure?

A. Atomicity.

B. Consistency.

C. Isolation.

D. Durability.

9.

A security policy provides a way to?

A. establish a cost model for security activities.

B. allow management to define system recovery requirements.

C. identify and clarify security goals and objectives.

D. enable management to define system access rules.

10.

Computer security is generally considered to be the responsibility of?

A. everyone in the organization.

B. corporate management.

C. the corporate security staff.

D. everyone with computer access.

11.

What is a set of step-by-step instructions used to satisfy control requirements called?

A. Policy

B. Standard

C. Guideline

D. Procedure

12.

The accounting branch of a large organization requires an application to process expense vouchers. Each voucher must be input by one of many accounting clerks, verified by the clerk's applicable supervisor, then reconciled by an auditor before the reimbursement check is produced. Which access control technique should be built into the application to best serve these requirements?

A. Mandatory Access Control (MAC)

B. Password Security

C. Role-based Access Control (RBAC)

D. Terminal Access Controller Access System (TACACS)

13.

When verifying key control objectives of a system design, the security specialist should ensure that the?

A. final system design has security administrator approval.

B. auditing procedures have been defined.

C. vulnerability assessment has been completed.

D. impact assessment has been approved.

14.

Which of the following are security concerns with distributed systems?

A. Downloaded data from the Internet via the web or through e-mail may infect other computers.

B. Desktop systems may not be properly secured.

C. Unauthorized access to a secured network could be made through remote control or terminal server programs running on a desktop.

D. A, B, and C

15.

Three principal schemes that provide a framework for managing access control are:

A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).

B. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Layer Based Access Protocol (LBAP).

C. Mandatory Access Control (MAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).

D. Role Based Access Control (RBAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).

SUBJECT: DATA AND SYSTEM SECURITY (MULTIPLE CHOICE)
