Additional Information

Site Information

 Loading... Please wait...

SEC 360 Final Exam with Answers


Product Description

SEC 360 SEC360 Week 8 Final Exam Answers (Security and Privacy)


Question 1. 1. (TCO 1) Information security is a process that protects all of the following except _____. (Points : 5)

       personal privacy
       payroll integrity
       service availability
       hardware integrity 


Question 2. 2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points : 5)

       technologies, domains, families
       controls, families, domains
       domains, families, technologies
       principles, domains, families
       controls, domains, principles



Question 3. 3. (TCO 2) What are the classes of security controls? (Points : 5)

       Detection, prevention, and response
       Management, technical, and operational
       Administrative, technical, and physical
       Administrative, technical, and procedural


Question 4. 4. (TCO 3) Security policies, regardless of level, should ensure that _____ of assets is distinguished, _____ of people is maintained, and that _____ is managed because that is the enemy of security. (Points : 5)

       sensitivity, separation of duties, technology
       labels, responsibility, complexity
       labels, accountability, technology
       organization, accountability, complexity
       sensitivity, separation of duties, complexity 


Question 5. 5. (TCO 4) Privacy legislation is written to protect _____. (Points : 5)

       All of the above


Question 6. 6. (TCO 5) Ideas can be evaluated using _____, which are _____ that are not meant to be _____. (Points : 5)

       models, controls, solutions
       controls, abstractions, solutions
       models, abstractions, solutions
       solutions, controls, abstractions
       models, controls, abstractions


Question 7. 7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)

       closed-circuit television
       a good security plan
       an educated workforce
       certified security staff


Question 8. 8. (TCO 7) The security principle that says that each user should have access to exactly the information resources needed to do his/her job--no more and no less--is called _____. (Points : 5)

       separation of duties
       need to know
       least privilege
       minimal access
       least common mechanism 


Question 9. 9. (TCO 8) Security recovery strategies should always seek to restore _____. (Points : 5)

       system files
       application data
       user access
       networks supporting the IT infrastructure
       the known good state 


Question 10. 10. (TCO 9) Access controls manage the use of _____ by _____ in an information system. (Points : 5)

       files, people
       information resources, programs
       objects, subjects
       computer time, people
       computer cycles, applications 


Question 11. 11. (TCO 10) As a generalization, symmetric cryptography is used to encrypt _____, and asymmetric cryptography is used to encrypt _____. (Points : 5)

       messages, identities
       data, identities
       data, signatures
       data, messages
       messages, signatures


Question 12. 12. (TCO 10) In a given city, there are a group of people who wish to communicate through the use of asymmetric cryptography. They do not wish to work with any type of certificate authority. Given this information, how would this be accomplished? (Points : 5)

       Internal certificate authority
       Private extranet
       Public VPN provider
       IPSec tunnels
       Utilize PGP


Question 13. 13. (TCO 11) A firewall that disconnects an internal network from an external network is called a(n) _____. (Points : 5)

       packet-filtering router
       circuit-level gateway
       application-level gateway
       stateful inspection firewall
       bridge firewall


Question 14. 14. (TCO 12) In addition to normal functional and assurance bugs, intrusion detection is subject to two kinds of errors called _____ and _____. (Points : 5)

       type a, type b
       false positive, false negative
       hardware, software
       functional, assurance
       performance, availability


Question 15. 15. (TCO 13) Identify the SDLC phase in which business stakeholders and project team members should refer to company information security policies? (Points : 5)

       System requirements
       System design
       Detailed design
       Project inception



Question 1. 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it. People shall obey corporate policies. (Points : 15) 

Question 2. 2. (TCO 2) The three effects of security controls are prevention, detection, and recovery. Briefly explain how these effects are related to the known good state. (Points : 15)

Question 3. 3. (TCO 3) Briefly explain the "principle" that states that security = risk management. (Points : 15)

Question 4. 4. (TCO 4)  Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points : 15)

Question 5. 5. (TCO 5) Explain why the Bell-LaPadula model and the Biba model are called dual models. (Points : 15)

Question 6. 6. (TCO 6) Briefly explain why good physical security is critical to good information security. (Points : 15)

Question 7. 7. (TCO 7) Explain what media disposition means. (Points : 15 

Question 8. 8. (TCO 8) Explain the term cold site. (Points : 15)

1. (TCO 9) Explain the advantage of role-based access controls. (Points : 15)

Question 2. 2. (TCO 10) Name the two uses of a private key in asymmetric cryptography. (Points : 15)

Question 3. 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points : 15)

Question 4. 4. (TCO 11) What is often another term for a bastion host? (Points : 15)

Question 5. 5. (TCO 12) Explain why intrusion detection is necessary in terms of the known good state. (Points : 15)

Question 6. 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)

Question 7. 7. (TCO 13) Explain what a virus is, pointing out how it is different from a worm. (Points : 15)

Find Similar Products by Category

Click the button below to add the SEC 360 Final Exam with Answers to your wish list.