Question 1

Which of the following statements best describes the Biba security model?&#10;A) No read up, no write up&#10;B) No write up, no write down&#10;C) No read up, no write down&#10;D) No read down, no write up

Accepted Answer

The Biba security model is designed to prevent data from being modified by unauthorized parties and to ensure that data maintains its integrity. It is summarized by the principle of "no read down, no write up," which means that a subject cannot read data at a lower integrity level (no read down) and cannot write data to a higher integrity level (no write up). This model is the opposite of the Bell-LaPadula model, which focuses on confidentiality and uses the "no write down, no read up" principle.

Question 2

Which of the following best described the Bell-Lapadula security model?&#10;A) No read up, no write up&#10;B) No write up, no write down&#10;C) No read up, no write down&#10;D) No read down, no write up

Accepted Answer

The Bell-Lapadula security model is designed to maintain the confidentiality of data in a system. It enforces two main rules: "no read up" (the Simple Security Property), which prevents a subject from accessing information at a higher security level, and "no write down" (the *-property or Star Property), which prevents a subject from writing information to a lower security level. This ensures that sensitive information does not leak to lower security levels.

Question 3

A Social Security number would be classified in which of the following levels under the private sector classification system?&#10;A) Internal use&#10;B) Protected&#10;C) Confidential&#10;D) Public

Accepted Answer

Protected&#10;

Question 4

Which of the following would most likely be classified as confidential information under the private sector classification system?&#10;A) Laboratory research&#10;B) Social Security number&#10;C) List of upcoming trade shows&#10;D) Nonsensitive client or vendor information

Accepted Answer

The answer of Which of the following would most likely...

Question 5

Which of the following is not one of the classification levels for national security information?&#10;A) Secret&#10;B) Protected&#10;C) Confidential&#10;D) Unclassified

Accepted Answer

Protected is not a classification level for national security information in the standard U.S. classification system, which includes Top Secret, Secret, Confidential, and Unclassified.

Question 6

Which of the following is not one of the classification levels for private sector information?&#10;A) Protected&#10;B) Secret&#10;C) Internal use&#10;D) Public

Accepted Answer

The classification levels for private sector information typically include categories like "Public," "Internal use," and "Protected" to indicate the level of sensitivity and the intended audience. "Secret" is a classification level used in governmental or military contexts, not for private sector information.

Question 7

Which of the following statements describes reclassification?&#10;A) The process of changing the classification level to a lower level&#10;B) The process of removing a classification&#10;C) The process of assigning a classification&#10;D) The process of upgrading a classification

Accepted Answer

The answer of Which of the following statements describes reclassification?&#10;A)...

Question 8

Which if the following statements best describes declassification?&#10;A) The process of upgrading a classification&#10;B) The process of assigning a new classification&#10;C) The process of downgrading sensitivity levels&#10;D) The process of removing a classification

Accepted Answer

The answer of Which if the following statements best describes...

Question 9

Which of the following is a hardware identification number that uniquely identifies a device?&#10;A) IP domain name&#10;B) MAC address&#10;C) IPv4 address&#10;D) IPv6 address

Accepted Answer

MAC address is a unique identifier assigned to network interfaces for communications on the physical network segment. Unlike IP addresses, which can change based on the network configuration, a device's MAC address is a fixed hardware attribute.

Question 10

A MAC address uses which of the following formats?&#10;A) Hexadecimal&#10;B) Binary&#10;C) Decimal&#10;D) Unicode

Accepted Answer

MAC addresses are represented in hexadecimal format, which consists of 12 digits split into pairs by colons or hyphens.

Question 11

Which of the following refers to the unauthorized or unintentional modification or destruction of information?&#10;A) Loss of availability&#10;B) Loss of confidentiality&#10;C) Loss of control&#10;D) Loss of integrity

Accepted Answer

The answer of Which of the following refers to the...

Question 12

Which of the following is not one of the responsibilities of a data owner?&#10;A) Assigning the economic or business value to the asset&#10;B) Implementing security controls for the asset&#10;C) Defining the level of protection required for the asset&#10;D) Deciding who should have access to the asset

Accepted Answer

The answer of Which of the following is not one...

Question 13

The objective of an __________ is to differentiate data types to enable organizations to safeguard CIA based on content.&#10;A) asset classification policy&#10;B) information ownership policy statement&#10;C) information classification system&#10;D) inventory information systems

Accepted Answer

The answer of The objective of an __________ is to...

Question 14

Which of the following means the loss of CIA could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals?&#10;A) High potential impact&#10;B) Moderate potential impact&#10;C) Low potential impact&#10;D) No potential impact

Accepted Answer

The answer of Which of the following means the loss...

Question 15

Which of the following informs custodians and users how to treat the information they use and the systems they interact with?&#10;A) Processing standards&#10;B) Handling standards&#10;C) Organizational standards&#10;D) Classification standards

Accepted Answer

The answer of Which of the following informs custodians and...

Question 16

Which of the following refers to visible and tangible pieces of equipment and media, such as computer equipment and storage media?&#10;A) Operating system software&#10;B) Software assets&#10;C) Productivity software&#10;D) Hardware assets

Accepted Answer

The answer of Which of the following refers to visible...

Question 17

Which of the following refers to programs or code that provide the interface between the hardware, the users, and the data?&#10;A) Software assets&#10;B) Hardware assets&#10;C) Infrastructure equipment&#10;D) Printers

Accepted Answer

The answer of Which of the following refers to programs...

Question 18

Which of the following is designed to implement the business rules of the organization and is often custom-developed?&#10;A) Productivity software&#10;B) Operating system software&#10;C) Application software&#10;D) Software assets

Accepted Answer

The answer of Which of the following is designed to...

Question 19

Which data type protected by DLP includes patent applications, product design documents, the source code of software, research information, and customer data?&#10;A) Personally Identifiable Information (PII)&#10;B) Intellectual Property (IP)&#10;C) Nonpublic Information (NPI)&#10;D) None of the above

Accepted Answer

The answer of Which data type protected by DLP includes...

Deck 5: Asset Management and Data Loss Prevention