Premium Paper: Security Management Exercise Walkthrough Courseware

Uploaded by: bin****86 Document ID: 55794847 Upload date: 2018-10-06 Format: PPT Pages: 53 Size: 332.50 KB

QUIZ

1. Which of the following is not a responsibility of a database administrator?
A. Maintaining databases
B. Implementing access rules to databases
C. Reorganizing databases
D. Providing access authorization to databases
Answer: D

2. According to governmental data classification levels, how would answers to tests and health care information be classified?
A. Confidential
B. Sensitive but unclassified
C. Private
D. Unclassified
Answer: B

3. According to private sector data classification levels, how would salary levels and medical information be classified?
A. Confidential
B. Public
C. Private
D. Sensitive
Answer: C

4. Which of the next are steps of a common development process of creating a security policy, standards and procedures?
A. design, development, publication, coding, testing
B. design, evaluation, approval, publication, implementation
C. initial and evaluation, development, approval, publication, implementation, maintenance
D. feasibility, development, approval, implementation, integration
Answer: C

5. What is the main purpose of a security policy?
A. to transfer the responsibility for the information security to all users of the organization
B. to provide detailed steps for performing specific actions
C. to provide a common framework for all development activities
D. to provide the management direction and support for information security
Answer: D

6. Which of the following department managers would be best suited to oversee the development of an information security policy?
A. Security administration
B. Human resources
C. Business operations
D. Information systems
Answer: C

7. Which of the following is not a responsibility of an information owner?
A. Running regular backups and periodically testing the validity of the backup data.
B. Delegate the responsibility of data protection to data custodians.
C. Periodically review the classification assignments against business needs.
D. Determine what level of classification the information requires.
Answer: A

8. Which of the following is not a goal of integrity?
A. Prevention of the modification of information by unauthorized users.
B. Prevention of the unauthorized or unintentional modification of information by authorized users.
C. Prevention of the modification of information by authorized users.
D. Preservation of the internal and external consistency.
Answer: C

9. Why do many organizations require every employee to take a mandatory vacation of a week or more?
A. To lead to greater productivity through a better quality of life for the employee.
B. To reduce the opportunity for an employee to commit an improper or illegal act.
C. To provide proper cross training for another employee.
D. To allow more employees to have a better understanding of the overall system.
Answer: B

10. Which of the following would best relate to resources being used only for intended purposes?
A. Availability
B. Integrity
C. Reliability
D. Confidentiality
Answer: A

11. Security of computer-based information systems is which of the following?
A. technical issue
B. management issue
C. training issue
D. operational issue
Answer: B

12. Which of the following would be the first step in establishing an information security program?
A. Development and implementation of an information security standards manual.
B. Development of a security awareness-training program for employees.
C. Purchase of security access control software.
D. Adoption of a corporate information security policy statement.
Answer: D

13. Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center?
A. Computer operations and system development
B. System development and change management
C. System development and systems maintenance
D. Security administration and change management
Answer: C

14. Computer security should not:
A. Cover all identified risks.
B. Be cost-effective.
C. Be examined in both monetary and non-monetary terms.
D. Be proportionate to the value of IT systems.
Answer: A

15. Which of the following is most concerned with personnel security?
A. Management controls
B. Human resources controls
C. Technical controls
D. Operational controls
Answer: D

16. Which of the following is most likely given the responsibility of the maintenance and protection of the data?
A. Security administrator
B. User
C. Data custodian
D. Data owner
Answer: C

17. Who is responsible for providing reports to the senior management on the effectiveness of the security controls?
A. Information systems security professionals
B. Data owners
C. Data custodians
D. Information systems auditors
Answer: D

18. Risk mitigation and risk reduction controls can be of which of the following types?
A. preventive, detective, or corrective
B. Administrative, operational or logical
C. detective, corrective
D. preventive, corrective and administrative
Answer: A

19. Which of the following would best classify as a management control?
A. Review of security controls
B. Documentation
C. Personnel security
D. Physical and environmental protection
Answer: A

20. What is the goal of the Maintenance phase in a common development process of a security policy?
A. to present document to approving body
B. to write proposal to management that states the objectives of the policy
C. publication within the organization
D. to review of the document on the specified review date
