2019 Security Management Exercises Explained (Slides)

Uploaded by: 我*** | Document ID: 144771850 | Uploaded: 2020-09-14 | Format: PPT | Pages: 53 | Size: 208.50KB

QUIZ

1. Which of the following is not a responsibility of a database administrator?
A Maintaining databases
B Implementing access rules to databases
C Reorganizing databases
D Providing access authorization to databases
Answer: D

2. According to governmental data classification levels, how would answers to tests and health care information be classified?
A Confidential
B Sensitive but unclassified
C Private
D Unclassified
Answer: B

3. According to private sector data classification levels, how would salary levels and medical information be classified?
A Confidential
B Public
C Private
D Sensitive
Answer: C

4. Which of the following are steps of a common development process for creating a security policy, standards and procedures?
A design, development, publication, coding, testing
B design, evaluation, approval, publication, implementation
C initial and evaluation, development, approval, publication, implementation, maintenance
D feasibility, development, approval, implementation, integration
Answer: C

5. What is the main purpose of a security policy?
A to transfer the responsibility for the information security to all users of the organization
B to provide detailed steps for performing specific actions
C to provide a common framework for all development activities
D to provide the management direction and support for information security
Answer: D

6. Which of the following department managers would be best suited to oversee the development of an information security policy?
A Security administration
B Human resources
C Business operations
D Information systems
Answer: C

7. Which of the following is not a responsibility of an information owner?
A Running regular backups and periodically testing the validity of the backup data.
B Delegate the responsibility of data protection to data custodians.
C Periodically review the classification assignments against business needs.
D Determine what level of classification the information requires.
Answer: A

8. Which of the following is not a goal of integrity?
A Prevention of the modification of information by unauthorized users.
B Prevention of the unauthorized or unintentional modification of information by authorized users.
C Prevention of the modification of information by authorized users.
D Preservation of the internal and external consistency.
Answer: C

9. Why do many organizations require every employee to take a mandatory vacation of a week or more?
A To lead to greater productivity through a better quality of life for the employee.
B To reduce the opportunity for an employee to commit an improper or illegal act.
C To provide proper cross training for another employee.
D To allow more employees to have a better understanding of the overall system.
Answer: B

10. Which of the following would best relate to resources being used only for intended purposes?
A Availability
B Integrity
C Reliability
D Confidentiality
Answer: A

11. Security of computer-based information systems is which of the following?
A technical issue
B management issue
C training issue
D operational issue
Answer: B

12. Which of the following would be the first step in establishing an information security program?
A Development and implementation of an information security standards manual.
B Development of a security awareness-training program for employees.
C Purchase of security access control software.
D Adoption of a corporate information security policy statement.
Answer: D

13. Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center?
A Computer operations and system development
B System development and change management
C System development and systems maintenance
D Security administration and change management
Answer: C

14. Computer security should not:
A Cover all identified risks.
B Be cost-effective.
C Be examined in both monetary and non-monetary terms.
D Be proportionate to the value of IT systems.
Answer: A

15. Which of the following is most concerned with personnel security?
A Management controls
B Human resources controls
C Technical controls
D Operational controls
Answer: D

16. Which of the following is most likely given the responsibility of the maintenance and protection of the data?
A Security administrator
B User
C Data custodian
D Data owner
Answer: C

17. Who is responsible for providing reports to the senior management on the effectiveness of the security controls?
A Information systems security professionals
B Data owners
C Data custodians
D Information systems auditors
Answer: D

18. Risk mitigation and risk reduction controls can be of which of the following types?
A preventive, detective, or corrective
B Administrative, operational or logical
C detective, corrective
D preventive, corrective and administrative
Answer: A

19. Which of the following would best classify as a management control?
A Review of security controls
B Documentation
C Personnel security
D Physical and environmental protection
Answer: A

20. What is the goal of the Maintenance phase in a common development process of a security policy?
A to present document to approving body
B to writ
