QUIZ1Whichofthefollowingisnotaresponsibilityofadatabaseadministrator?AMaintainingdatabasesBImplementingaccessrulestodatabasesCReorganizingdatabasesDProvidingaccessauthorizationtodatabasesD安全pptQUIZ2Accordingtogovernmentaldataclassificationlevels,howwouldanswerstotestsandhealthcareinformationbeclassified?AConfidentialBSensitivebutunclassifiedCPrivateDUnclassifiedB安全ppt安全pptQUIZ3.Accordingtoprivatesectordataclassificationlevels,howwouldsalarylevelsandmedicalinformationbeclassified?AConfidentialBPublicCPrivateDSensitiveC安全pptQUIZ4Whichofthenextarestepsofacommondevelopmentprocessofcreatingasecuritypolicy,standardsandprocedures?Adesign,development,publication,coding,testingBdesign,evaluation,approval,publication,implementationCinitialandevaluation,development,approval,publication,implementation,maintenanceDfeasibility,development,approval,implementation,integrationC安全ppt5Whatisthemainpurposeofasecuritypolicy?AtotransfertheresponsibilityfortheinformationsecuritytoallusersoftheorganizationBtoprovidedetailedstepsforperformingspecificactionsCtoprovideacommonframeworkforalldevelopmentactivitiesDtoprovidethemanagementdirectionandsupportforinformationsecurityD安全ppt6Whichofthefollowingdepartmentmanagerswouldbebestsuitedtooverseethedevelopmentofaninformationsecuritypolicy?ASecurityadministrationBHumanresourcesCBusinessoperationsDInformationsystemsC安全ppt7Whichofthefollowingisnotaresponsibilityofaninformationowner?ARunningregularbackupsandperiodicallytestingthevalidityofthebackupdata.BDelegatetheresponsibilityofdataprotectiontodatacustodians.CPeriodicallyreviewtheclassificationassignmentsagainstbusinessneeds.DDeterminewhatlevelofclassificationtheinformationrequires.A安全ppt8Whichofthefollowingisnotagoalofintegrity?APreventionofthemodificationofinformationbyunauthorizedusers.BPreventionoftheunauthorizedorunintentionalmodificationofinformationbyauthorizedusers.CPreventionofthemodificationofinformationbyauthorizedusers.DPreservationoftheinternalandexternalconsistency.C安全ppt9Whydomanyorganizationsrequireeveryemployeetotakeamandatoryvacationofaweekormore?AToleadtogreaterproductivitythroughabetterqualityoflifefortheemployee.BToreducetheopportunityforanemployeetocommitanimproperorillegalact.CToprovidepropercrosstrainingforanotheremployee.DToallowmoreemployeestohaveabetterunderstandingoftheoverallsystem.B安全ppt10Whichofthefollowingwouldbestrelatetoresourcesbeingusedonlyforintendedpurposes?AAvailabilityBIntegrityCReliabilityDConfidentialityA安全ppt11Securityofcomputer-basedinformationsystemsiswhichofthefollowing?AtechnicalissueBmanagementissueCtrainingissueDoperationalissueB安全ppt12Whichofthefollowingwouldbethefirststepinestablishinganinformationsecurityprogram?ADevelopmentandimplementationofaninformationsecuritystandardsmanual.BDevelopmentofasecurityawareness-trainingprogramforemployees.CPurchaseofsecurityaccesscontrolsoftware.DAdoptionofacorporateinformationsecuritypolicystatement.D安全ppt13Whichofthefollowingtasksmaybeperformedbythesamepersoninawell-controlledinformationprocessingfacility/computercenter?AComputeroperationsandsystemdevelopmentBSystemdevelopmentandchangemanagementCSystemdevelopmentandsystemsmaintenanceDSecurityadministrationandchangemanagementC安全ppt14Computersecurityshouldnot:ACoverallidentifiedrisks.BBecost-effective.CBeexaminedinbothmonetaryandnon-monetaryterms.DBeproportionatetothevalueofITsystems.A安全ppt15Whichofthefollowingismostconcernedwithpersonnelsecurity?AManagementcontrolsBHumanresourcescontrolsCTechnicalcontrolsDOperationalcontrolsD安全ppt16Whichofthefollowingismostlikelygiventheresponsibilityofthemaintenanceandprotectionofthedata?ASecurityadministratorBUserCDatacustodianDDataownerC安全ppt17Whoisresponsibleforprovidingreportstotheseniormanagementontheeffectivenessofthesecuritycontrols?AInformationsystemssecurityprofessionalsBDataownersCDatacustodiansDInformationsystemsauditorsD安全ppt18Riskmitigationandriskreductioncontrolscanbeofwhichofthefollowingtypes?Apreventive,detective,orcorrectiveBAdministrative,operationalorlogicalCdetective,correctiveDpreventive,correctiveandadministrativeA安全ppt19Whichofthefollowingwouldbestclassifyasamanagementcontrol?AReviewofsecuritycontrolsBDocumentationCPersonnelsecurityDPhysicalandenvironmentalprotectionA安全ppt20WhatisthegoaloftheMaintenancephaseinacommondevelopmentprocessofasecuritypolicy?AtopresentdocumenttoapprovingbodyBtowriteproposaltomanagementthatstatestheobjectivesofthepolicyCpublicationwithintheorganizationDtoreviewofthedocumentonthespecifiedreviewdateD安全ppt21Whichapproachtoasecurityprogrammakessurethatthepeopleactuallyresponsibleforprotectingthecompany'sassetsaredrivingtheprogram?AThetop-downapproachBThebottom-upapproachCThetechnologyapproachDTheDelphiapproachA安全ppt22ThepreliminarystepstosecurityplanningincludeallofthefollowingEXCEPTwhichofthefollowing?ADeterminealternatecoursesofactionBEstablishasecurityauditfunction.CEstablishobjectives.DListplanningassumptions.B安全ppt23ITsecuritymeasuresshould:ABetailoredtomeetorganizationalsecuritygoals.BMakesurethateveryassetoftheorganizationiswellprotected.CNotbedevelopedinalayeredfashion.DBecomplexA安全ppt24Whichofthefollowingembodiesallthedetailedactionsthatpersonnelarerequiredtofollow?ABaselinesBProceduresCGuidelinesDStandardsB安全ppt25WhichofthefollowingshouldNOTbeaddressedbyemployeeterminationpractices?ADeletionofassignedlogon-IDandpasswordstoprohibitsystemaccess.BReturnofaccessbadges.CEmployeebondingtoprotectagainstlossesduetotheft.DRemovaloftheemployeefromactivepayrollfiles.C安全ppt26Preservationofconfidentialityinformationsystemsrequiresthattheinformationisnotdisclosedto:AAuthorizedpersonsandprocessesBUnauthorizedpersons.CUnauthorizedpersonsorprocesses.DAuthorizedpersonC安全ppt27Whichofthefollowingstatementspertainingtoquantitativeriskanalysisisfalse?AItrequiresahighvolumeofinformationBItinvolvescomplexcalculationsCItcanbeautomatedDItinvolvesalotofguessworkD安全ppt28Allexceptwhichofthefollowarenotusedtoensureintegrity?AcompliancemonitoringservicesBintrusiondetectionservicesCcommunicationssecuritymanagementDfirewallservicesA安全ppt29WhichofthefollowingwouldviolatetheDueCareconcept?ALatestsecuritypatchesforserversonlybeinginstalledonceaweekBNetworkadministratornottakingmandatorytwo-weekvacationasplannedCSecuritypolicybeingoutdatedDDataownersnotlayingoutthefoundationofdataprotectionD安全ppt30Whatdoes"residualrisk"mean?AWeaknessofanassetswhichcanbeexploitedbyathreatBRiskthatremainsafterriskanalysishashasbeenperformedCTheresultofunwantedincidentDThesecurityriskthatremainsaftercontrolshavebeenimplementedD安全ppt31Whichofthefollowingquestionsshouldanyusernotbeabletoanswerregardingtheirorganization'sinformationsecuritypolicy?AWhereistheorganization'ssecuritypolicydefined?BWhoisinvolvedinestablishingthesecuritypolicy?CWhataretheactionsthatneedtobeperformedincaseofadisaster?DWhoisresponsibleformonitoringcompliancetotheorganization'ssecuritypolicy?C安全ppt32Inaproperlysegregatedenvironment,whichofthefollowingtasksiscompatiblewiththetaskofsecurityadministrator?ADataentryBSystemsprogrammingCQualityassuranceDApplicationsprogrammingC安全ppt33Themajorobjectiveofsystemconfigurationmanagementiswhichofthefollowing?AsystemmaintenanceBsystemtrackingCsystemstabilityDsystemoperationsC安全ppt34Inanorganization,anInformationTechnologysecurityfunctionshould:ABeindependentbutreporttotheInformationSystemsfunction.BBeleadbyaChiefSecurityOfficerandreportdirectlytotheCEO.CReportdirectlytoaspecializedbusinessunitsuchaslegal,corporatesecurityorinsurance.DBeafunctionwithintheinformationsystemsfunctionofanorganization.B安全ppt35Whoshouldmeasuretheeffectivenessofsecurityrelatedcontrolsinanorganization?AthecentralsecuritymanagerBthelocalsecurityspecialistCthesystemsauditorDthebusinessmanagerC安全ppt36WhatisadifferencebetweenQuantitativeandQualitativeRiskAnalysis?Afullyqualitativeanalysisisnotpossible,whilequantitativeisBquantitativeprovidesformalcost/benefitanalysisandqualitativenotCthereisnodifferencebetweenqualitativeandquantitativeanalysisDqualitativeusesstrongmathematicalformulasandquantitativenotB安全ppt37HowisAnnualizedLossExpectancy(ALE)derivedfromatreat?AAROx(SLE-EF)BSLExAROCSLE/EFDAVxEFB安全ppt38Onepurposeofasecurityawarenessprogramistomodify:Aattitudesofemployeeswithsensitivedata.Bcorporateattitudesaboutsafeguardingdata.Cemployee'sattitudesandbehaviors.Dmanagement'sapproach.C安全ppt39Controlsareimplementedto:AeliminateriskandreducethepotentialforlossBmitigateriskandeliminatethepotentialforlossCeliminateriskandeliminatethepotentialforlossDmitigateriskandreducethepotentialforlossD安全ppt40Whoshoulddecidehowacompanyshouldapproachsecurityandwhatsecuritymeasuresshouldbeimplemented?ATheinformationsecurityspecialistBAuditorCSeniormanagementDDataownerC安全ppt41Whichofthefollowingistheweakestlinkinasecuritysystem?APeopleBCommunicationsCHardwareDSoftwareA安全ppt42ISO17799isastandardfor:AInformationSecurityManagementBImplementationandcertificationofbasicsecuritymeasuresCCertificationofpublickeyinfrastructuresDEvaluationcriteriaforthevalidationofcryptographicalgorithmsA安全ppt43Whoofthefollowingisresponsibleforensuringthatpropercontrolsareinplacetoaddressintegrity,confidentiality,andavailabilityofITsystemsanddata?ABusinessandfunctionalmanagersBChiefinformationofficerCITSecuritypractitionersDSystemandinformationownersD安全ppt44Relatedtoinformationsecurity,theguaranteethatthemessagesentisthemessagereceivedisanexampleofwhichofthefollowing?AintegrityBidentityCavailabilityDconfidentialityA安全ppt45WhichoneofthefollowingrepresentsanALEcalculation?AassetvaluexlossexpectancyBactualreplacementcost-proceedsofsalvageCgrosslossexpectancyxlossfrequencyDsinglelossexpectancyxannualizedrateofoccurrenceD安全ppt46WhichofthefollowingchoicesisNOTpartofasecuritypolicy?AdescriptionofspecifictechnologiesusedinthefieldofinformationsecurityBdefinitionofoverallstepsofinformationsecurityandtheimportanceofsecurityCstatementofmanagementintend,supportingthegoalsandprinciplesofinformationsecurityDdefinitionofgeneralandspecificresponsibilitiesforinformationsecuritymanagementA安全ppt47Whichofthefollowingstatementspertainingtoasecuritypolicyisincorrect?AItmustbeflexibletothechangingenvironment.BItsmainpurposeistoinformtheusers,administratorsandmanagersoftheirobligatoryrequirementsforprotectingtechnologyandinformationassets.CItneedstohavetheacceptanceandsupportofalllevelsofemployeeswithintheorganizationinorderforittobeappropriateandeffective.DItspecifieshowhardwareandsoftwareshouldbeusedthroughouttheorganization.D安全ppt48Whichofthefollowingcouldbedefinedasthelikelihoodofathreatagenttakingadvantageofavulnerability?AAriskBAcountermeasureCAnexposureDAresidualriskA安全ppt49Whichofthefollowingshouldbegiventechnicalsecuritytraining?ASeniormanagers,functionalmanagersandbusinessunitmanagersBSecuritypractitionersandinformationsystemsauditorsCITsupportpersonnelandsystemadministratorsDOperatorsC安全ppt50Relatedtoinformationsecurity,availabilityistheoppositeofwhichofthefollowing?AdistributionBdestructionCdocumentationDdelegationB安全ppt51Whichmustbeartheprimaryresponsibilityfordeterminingthelevelofprotectionneededforinformationsystemsresources?ASeniorssecurityanalystsBsystemsauditorsCSeniorManagementDISsecurityspecialistsC安全ppt52Whatwouldbestdefineriskmanagement?ATheprocessofeliminatingtheriskBTheprocessofreducingrisktoanacceptablelevelCTheprocessofassessingtherisksDTheprocessoftransferringriskB安全ppt
本文档为【《安全管理习题讲解》PPT课件】,请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑,
图片更改请在作品中右键图片并更换,文字修改请直接点击文字进行修改,也可以新增和删除文档中的内容。
该文档来自用户分享,如有侵权行为请发邮件ishare@vip.sina.com联系网站客服,我们会及时删除。
[版权声明] 本站所有资料为用户分享产生,若发现您的权利被侵害,请联系客服邮件isharekefu@iask.cn,我们尽快处理。
本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权,请谨慎使用。
网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传,仅限个人学习分享使用,禁止用于任何广告和商用目的。
浙公网安备 33021202002483