Information Security

21. A project team has just completed building the organization's business continuity plan. Which of the following tests should be performed first?

  A. Walkthrough
  B. Simulation
  C. Parallel test
  D. Cutover test

Correct answer: (A)
Walkthrough

22. A qualitative risk assessment is used to identify:

  A. Vulnerabilities, threats, and countermeasures
  B. Vulnerabilities, threats, threat probabilities, and countermeasures
  C. Assets, risks, and mitigation plans
  D. Vulnerabilities and countermeasures

Correct answer: (B)
Vulnerabilities, threats, threat probabilities, and countermeasures

23. A resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then decides whether the user may access the object. The access control model that most closely resembles this is:

  A. Mandatory access control (MAC)
  B. Discretionary access control (DAC)
  C. Non-interference
  D. Role-based access control (RBAC)

Correct answer: (A)
Mandatory access control (MAC)

24. A risk manager has completed a risk analysis for an asset valued at $4000. Two threats were identified; the ALE for one threat is $400, and the ALE for the second threat is $500. What is the amount of loss that the organization should estimate for an entire year?

  A. $450
  B. $500
  C. $900
  D. $100

Correct answer: (C)
$900

25. A running-key cipher can be used when:

  A. The plaintext is longer than the encryption key
  B. The plaintext is shorter than the encryption key
  C. The plaintext is streaming media
  D. The plaintext is changing rapidly

Correct answer: (A)
The plaintext is longer than the encryption key

26. A secure facility needs to control incoming vehicle traffic and be able to stop determined attacks. What control should be implemented?

  A. Crash gate
  B. Guard post
  C. Turnstile
  D. Bollards

Correct answer: (A)
Crash gate

27. A security analyst has a system evaluation criteria manual called the "Orange Book". This is a part of:

  A. Common Criteria
  B. Trusted Computer Security Evaluation Criteria (TCSEC)
  C. Information Technology Security Evaluation Criteria (ITSEC)
  D. ISO 15408

Correct answer: (B)
Trusted Computer Security Evaluation Criteria (TCSEC)

28. A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasure to choose is:

  A. Application firewalls
  B. Source code control
  C. Outside code reviews
  D. Peer code reviews

Correct answer: (C)
Outside code reviews

29. A security door has been designed so that it will ignore signals from the building's door entry system in the event of a power failure. This is known as:

  A. Fail soft
  B. Fail open
  C. Fail closed
  D. Fail secure

Correct answer: (C)
Fail closed

30. A security engineer has recently installed a biometric system, and needs to tune it. Currently the biometric system is rejecting too many valid, registered users. What adjustment does the security engineer need to make?

  A. Increase the False Accept Rate
  B. Reduce the False Accept Rate
  C. Increase the False Reject Rate
  D. Reduce the False Reject Rate

Correct answer: (D)
Reduce the False Reject Rate

Page 3 of 25