Question 1. 1. (TCO 1) Information security is a process that protects all of the following except _. (Points : 5)

  [removed] personal privacy
  [removed] payroll integrity
  [removed] service availability
  [removed] readiness
  [removed] hardware integrity

Question 2. 2. (TCO 2) The _ of the 17 NIST control can be placed into the 10 IISSCC __ comprising the common body of knowledge for information security. (Points : 5)

  [removed] technologies, domains, families
  [removed] controls, families, domains
  [removed] domains, families, technologies
  [removed] principles, domains, families
  [removed] controls, domains, principles

Question 3. 3. (TCO 2) What are the classes of security controls? (Points : 5)

  [removed] Detection, prevention, and response
  [removed] Management, technical, and operational
  [removed] Administrative, technical, and physical
  [removed] Administrative, technical, and procedural

Question 4. 4. (TCO 3) Security policies, regardless of level, should ensure that _ of assets is distinguished, of people is maintained, and that __ is managed because that is the enemy of security. (Points : 5)

  [removed] sensitivity, separation of duties, technology
  [removed] labels, responsibility, complexity
  [removed] labels, accountability, technology
  [removed] organization, accountability, complexity
  [removed] sensitivity, separation of duties, complexity

Question 5. 5. (TCO 4) Privacy legislation is written to protect _. (Points : 5)

  [removed] companies
  [removed] managers
  [removed] citizens
  [removed] employees
  [removed] All of the above

Question 6. 6. (TCO 5) Ideas can be evaluated using , which are that are not meant to be _. (Points : 5)

  [removed] models, controls, solutions
  [removed] controls, abstractions, solutions
  [removed] models, abstractions, solutions
  [removed] solutions, controls, abstractions
  [removed] models, controls, abstractions 

Question 7. 7. (TCO 6) Many believe that the most important physical security control is _. (Points : 5)

  [removed] closed-circuit television
  [removed] a good security plan
  [removed] an educated workforce
  [removed] certified security staff
  [removed] resources

Question 8. 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job–no more and no less–is called _. (Points : 5)

  [removed] separation of duties
  [removed] need to know
  [removed] least privilege
  [removed] minimal access
  [removed] least common mechanism

Question 9. 9. (TCO 8) Security recovery strategies should always seek to restore _. (Points : 5)

  [removed] system files
  [removed] application data
  [removed] user access
  [removed] networks supporting the IT infrastructure
  [removed] the known good state 

Question 10. 10. (TCO 9) Access controls manage the use of _ by _ in an information system. (Points : 5)

  [removed] files, people
  [removed] information resources, programs
  [removed] objects, subjects
  [removed] computer time, people
  [removed] computer cycles, applications

Question 11. 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt , and asymmetric cryptography is used to encrypt . (Points : 5)

  [removed] messages, identities
  [removed] data, identities
  [removed] data, signatures
  [removed] data, messages
  [removed] messages, signatures 

Question 12. 12. (TCO 10) In a given city, there are a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points : 5)

  [removed] Internal certificate authority
  [removed] Private extranet
  [removed] Public VPN provider
  [removed] IPSec tunnels
  [removed] Utilize PGP

Question 13. 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _. (Points : 5)

  [removed] packet-filtering router
  [removed] circuit-level gateway
  [removed] application-level gateway
  [removed] stateful inspection firewall
  [removed] bridge firewall

Question 14. 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _ and _. (Points : 5)

  [removed] type a, type b
  [removed] false positive, false negative
  [removed] hardware, software
  [removed] functional, assurance
  [removed] performance, availability

Question 15. 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies? (Points : 5)

  [removed] System requirements
  [removed] System design
  [removed] Detailed design
  [removed] Coding