Information Security

71. An employee in an organization is requesting access to more information than is required. This request should be denied on the basis of which principle:

  A. Separation of duties
  B. Least privilege
  C. Need to know
  D. Job rotation

Correct answer: (C)
Need to know

72. An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have:

  A. Reviewed access logs
  B. Restricted the employee's access to sensitive information
  C. Obtained a signed non-disclosure statement
  D. Performed a background verification prior to hiring the employee

Correct answer: (D)
Performed a background verification prior to hiring the employee

73. An Ethernet network that consists of a central Ethernet switch with cabling running to each station is best described as a:

  A. Logical and physical star
  B. Logical ring and physical star
  C. Logical star and physical bus
  D. Logical bus and physical star

Correct answer: (D)
Logical bus and physical star

74. An information system has multiple levels of security implemented, for both resources as well as users. In this system, a user cannot access resources below his level, and a user cannot create resources above his level. The access control model that most closely resembles this is:

  A. Access matrix
  B. Clark-Wilson
  C. Biba
  D. Bell-LaPadula

Correct answer: (C)
Biba

75. An information system that processes sensitive information is configured to require a valid userid and strong password from any user. This process of accepting and validating this information is known as:

  A. Authentication
  B. Strong authentication
  C. Two-factor authentication
  D. Single sign-on

Correct answer: (A)
Authentication

76. An intruder wishes to break into an application in order to steal information stored there. Because the application utilizes strong authentication, what is the most likely approach the intruder will take?

  A. Dictionary attack
  B. Malicious code attack
  C. Application bypass attack
  D. Password guessing attack

Correct answer: (C)
Application bypass attack

77. An IT manager wishes to connect several branch offices to the headquarters office for voice and data communications. What packet-switched service should the IT manager consider?

  A. ATM
  B. DSL
  C. MPLS
  D. Frame Relay

Correct answer: (C)
MPLS

78. An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues?

  A. Include security policy in the employee handbook
  B. Perform security awareness training at the time of hire and annually thereafter
  C. Perform security awareness training at the time of hire
  D. Require employees to sign the corporate security policy

Correct answer: (B)
Perform security awareness training at the time of hire and annually thereafter

79. An organization has a strong, management-driven model of security-related activities such as policy, risk management, standards, and processes. This model is better known as:

  A. Risk management
  B. Security oversight
  C. Security governance
  D. Security control

Correct answer: (C)
Security governance

80. An organization has been made a party in a civil lawsuit. The organization is required to search its electronic records for specific memoranda. This process is known as:

  A. Subpoena
  B. Search and seizure
  C. Discovery
  D. Electronic discovery

Correct answer: (D)
Electronic discovery

Page 8 of 25