הכנה למבחן בניהול אבטחת מידע
- 131 שאלות
- 20 תגובות
- 0% הושלמו
- equalizer סטטיסטיקות
- share שתף
Discuss, Learn and be Happy דיון בשאלות
help
brightness_4
brightness_7
format_textdirection_r_to_l
format_textdirection_l_to_r
A class of a system containing various levels of sensitive information that also permits users with different security clearances best describes
1
| done | ||
A multi-level security system is a class of system containing
information with different sensitivities that simultaneously permits access
by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization.
A trusted computing base is defined as:
1
| mood | ||
A TCB is defined as the totality of protection mechanisms within
a computer system, including hardware, firmware, software, processes,
and some inter-process communications; and when combined are responsible
for ensuring a security policy.
מיין לפי
One of the greatest risks with many driver programs is:
1
| done | ||
Calling applications must be checked to ensure they do not
attempt to exploit the ODBC drivers and gain elevated system access.
One method of protecting confidential corporate data accessed through an Internet-based application is:
1
| done | ||
One approach for Internet access is to create a “tiered” application
approach that manages data in layers. There can be any number of layers;
however, the most typical architecture is to use a three-tier approach:
presentation layer, business logic layer, and the data layer. This is sometimes
referred to as the Internet Computing Model because the browser is
used to connect to an application server that then connects to a database.
מיין לפי
מוניטין: 515
One approach for Internet access is to create a “tiered” application
approach that manages data in layers. There can be any number of layers;
however, the most typical architecture is to use a three-tier approach:
presentation layer, business logic layer, and the data layer. This is sometimes
referred to as the Internet Computing Model because the browser is
used to connect to an application server that then connects to a database.
All of the following are examples of a preventative control EXCEPT:
1
| done | ||
Included in preventive controls are physical, administrative, and
technical measures intended to preclude actions violating policy or
increasing risk to system resources.
Recovery planning attempt to:
1
| done | ||
Recovery controls are necessary to restore the system or operation to a normal operating state. Answer a is more correctly a corrective control.
מיין לפי
Privileged access permissions should:
1
| done | ||
Privileged users must be subject to periodic recertification to
maintain the broad level of privileges that have been assigned to them
מיין לפי
Transparency of controls does all of the following EXCEPT:
1
| done |
Ideally, controls must be transparent to users within the
resource protection schema.
Which of the following is NOT a class of failures identified in the Trusted Recovery Guide by the National Computer Security Center?
1
| done | ||
The classes of failures that have been identified in the Trusted
Recovery Guide by the National Computer Security Center include: statetransition
(action) failures, trusted computing base failures, media failures,
and discontinuity of operation. Note that a buffer overflow may be a state
transition type of failure, but the reader should know these terms and what
they apply to.
מיין לפי