1. What is the primary weakness of a rate-of-rise temperature detector when used as a fire detection device?
There are no weaknesses
It consumes a great deal more power
It will not work if there is a power outage
The fire has to be somewhat advanced before it will be detected
2. What is the most likely consequence of not having a formal process for information assurance?
Data will be lost
Understanding of the contents of the asset base will be lost
Profits will be significantly reduced
New information may be lost
3. Who assigns a user's rights to data in a discretionary access control model?
The user of the data
The Chief Information Officer (CIO)
The owner or manager of the data
The creator of the data
4. What is the purpose of risk analysis?
To identify all potential threats
To assign probabilities to each of the potential threats
To assign a cost to each of the potential threats
To understand all of the implications of the threat picture
5. Why is it necessary to determine if a prospective hire for a sensitive position has a vulnerability from their past?
The vulnerability always shows a weakness of character
The vulnerability makes them more vulnerable to potential blackmail
The vulnerability can be exploited in order to force them to work harder
The vulnerability may be a violation of a company policy
6. The value of a corrective action is dependent upon:
The value of the information asset
The cost of delivering the corrective action
The ability to deliver the corrective action in sufficient time
The person delivering the corrective action
7. Which of the following is the appropriate order for the first four steps in developing a control set?
Organization set-up, asset identification and baselining, asset valuation, risk analysis
Organization set-up, selection of the control set, asset identification and baselining, asset valuation
Organization set-up, asset identification and baselining, asset valuation, selection of the control set
Organization set-up, asset identification and baselining, risk analysis, asset valuation
8. How many phases are there to a DITSCAP evaluation?
9. In a Role-Based Access Control model, users of information are granted permission to access the data based on what criteria?
The duties that they are to perform
Their security clearance
Their position in the organizational hierarchy
Whether they own the data or not
10. Which of the following is NOT a constraint in the development of assurance policies?
11. How many different categories or levels of risk are commonly used in an information assurance program?
Two - low and high
Three - low, medium, and high
Four - none, low, medium, and high
Five - none, low, medium, high, and critical
12. What is the concept of separation/duplication of duties?
Where complex jobs are split among more than one person
Where no critical function can be executed by a single person
Where redundant jobs are created so that there is a guarantee that the job will be done
Where two or more groups are required to work in isolation and forbidden to discuss their tasks with each other
13. Which of the following sequences represents the information assurance control environments, moving from the inside out?
Technical control environment, management control environment, operational control environment
Technical control environment, operational control environment, management control environment
Management control environment, technical control environment, operational control environment
Management control environment, operational control environment, technical control environment
14. Which of the following is NOT part of the final report from an audit?
A list of the persons responsible for any non-conformance discovered
The purpose and scope of the audit
15. What is the role of an assurance specification?
It documents how an information assurance policy was designed
It documents why a specific information assurance policy exists
It documents how the organization validates the execution of an assurance function
It documents the consequences of not following an information assurance function
16. Which of the following is NOT a phase in a DITSCAP evaluation?
17. What is the definition of the feasibility of an information assurance task?
The probability that the task can be accomplished
The probability that the task will not be accomplished
A measure of the consequences of the task not being done
A measure of the consequences of the task being done
18. Which of the following is NOT a specification to communicate the steps to ensure an end-to-end information assurance process?
Specification of the consequences of non-compliance
Specification of management practices
Specification of operations practices
Specification of assurance and accountability practices
19. Which of the following is NOT one of the disaster response countermeasures?
20. Which of the following is NOT a factor in establishing a secure space?
21. What are the three levels of controls provided by monitors?
Detection, a record of events, recognition
Detection, recognition, identification
Recognition, a record of events, identification
Detection, identification, a record of events
22. What is the only feasible response to issues regarding human factors?
Have people attend regular training sessions
Having a coherent and explicit definition of acceptable behavior
Give people enough flexibility in their responses so that there is no resentment on their part
Require people to monitor each other and encourage them to report any deviations from the security rules
23. What is the order of the elements in the information assurance pyramid from base to peak?
People, operations, technology
Technology, people, operations
Technology, operations, people
People, technology, operations
24. Which of the following is the most commonly used financial factor when evaluating a countermeasure?
Return on investment (ROI)
Change in expenses
Change in net profit
25. Which of the following is NOT a factor of a properly functioning reference monitor?