Topics

Explore all topics

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

Professors

Overall Quality
-/5
c c
Overall Quality
-/5
Billt Camp
Overall Quality
-/5
mathio g
Explore all Professors
Add Browser Extension
Start Free Trial
Need Help? Contact us
title
Textbook Solutions
Step-by-step solutions verified by experts
title
24/7 Homework Help
Complete assignments with the help of our community
title
Flashcards
Stimulate your visual memory & walk into test day with confidence
title
DocuAssist
Upload your study materials and we’ll help fill in the answers.
title
Campus Reps
Become a Campus Rep and earn up to 20% commission, plus weekly and monthly cash prizes.
title
My Courses
Add the courses you're enrolled in for tailored study material to meet your requirements
Explore all services
Add Browser Extension
Start Free Trial
Need Help? Contact us
back arrowfull exam logo
العربية
search
ai logoChat with AI
Servicesarrow
Textbook Solutions icon
Textbook Solutions
24/7 Homework Help icon
24/7 Homework Help
Flashcards icon
Flashcards
DocuAssist icon
DocuAssist
Campus Reps icon
Campus Reps
My Courses icon
My Courses
Mobile App icon
Mobile App
Explore All Services
Discoverarrow

Topics

Explore All Services

Universities

uni logo
University of North Carolina at Chapel Hill
uni logo
University of Notre Dame
uni logo
Clemson University
Explore all Universities

professors

/5
c c
/5
Billt Camp
/5
mathio g
Explore all Professors
Explore all topics
Discover more topics
HomeSchoolingAsk a question

Deck 8: Security Management Models

Full screen (f)
exit full mode
Question
The principle of limiting users' access privileges to the specific informationrequired to perform their assigned tasks is known asneed-to-know.____________
Use Space or
up arrow
down arrow
to flip the card.
Question
The data access principle that ensures no unnecessary access to data exists byregulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.____________
Question
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

A) preventative
B) deterrent
C) corrective
D) compensating
Question
Lattice-based access control specifies the level of access each subject has to each object,if any.
Question
A security​monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________
Question
A security blueprint is the outline of the more thorough security framework.
Question
The Information Technology Infrastructure Library (ITIL)is a collection of policies andpractices for managing the development and operation of IT infrastructures.____________
Question
Which of the following is a generic blueprint offered by a service organization which must be flexible,scalable,robust,and detailed?

A) framework
B) security model
C) security standard
D) both A & B are correct
Question
In information security,a specification of a model to be followed during the design,selection,and initial and ongoing implementation of all subsequent security controls is known as a blueprint.____________
Question
Under the Clark-Wilson model,internal consistency means that the system is consistent with similar data in the outside world.
Question
The information security principle that requires significant tasks to besplit up so that more than one individual is required to complete them is called isolation of duties.____________
Question
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

A) need-to-know
B) eyes only
C) least privilege
D) separation of duties
Question
Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.
Question
In information security,a framework or security model customized to anorganization,including implementation details is known as afloorplan._____________
Question
Which of the following specifies the authorization classification of information asset an individual user is permitted to access,subject to the need-to-know principle?

A) Discretionary access controls
B) Task-based access controls
C) Security clearances
D) Sensitivity levels
Question
In a lattice-based access control,a restriction table is the row of attributes associated with aparticular subject (such as a user). ____________
Question
Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.
Question
Dumpster delvingis an information attack that involves searching through a target organization'strash and recycling bins for sensitive information.____________
Question
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

A) need-to-know
B) eyes only
C) least privilege
D) separation of duties
Question
A person'ssecurity clearance is a personnel security structure in which each user of an information asset isassigned an authorization level that identifies the level of classified information he or she iscleared to access.____________
Question
To design a security program,an organization can use a(n)____________________,which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.
Question
Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information?

A) confidential
B) secret
C) top secret
D) for official use only
Question
ISO/IEC 27001 provides implementation detailson how to implement ISO/IEC 27002 and how to set up a(n)____________________.
Question
Which type of access controls can be role-based or task-based?

A) constrained
B) content-dependent
C) nondiscretionary
D) discretionary
Question
The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.
Question
Which control category discourages an incipient incident?

A) preventative
B) deterrent
C) remitting
D) compensating
Question
Which of the following is the primary purpose of ISO/IEC 27001:2005?

A) Use within an organization to formulate security requirements and objectives
B) Implementation of business-enabling information security
C) Use within an organization to ensure compliance with laws and regulations
D) To enable organizations that adopt it to obtain certification
Question
In which form of access control is access to a specific set of information contingent on its subject matter?

A) content-dependent access controls
B) constrained user interfaces
C) temporal isolation
D) None of these
Question
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

A) Clark-Wilson
B) Bell-LaPadula
C) Common Criteria
D) Biba
Question
In the COSO framework,___________ activities include those policies and procedures that support management directives.
Question
Which of the following is NOT a change control principle of the Clark-Wilson model?

A) No changes by unauthorized subjects
B) No unauthorized changes by authorized subjects
C) No changes by authorized subjects without external validation
D) The maintenance of internal and external consistency
Question
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

A) COBIT
B) COSO
C) NIST
D) ISO
Question
A time-release safe is an example of which type of access control?

A) content-dependent
B) constrained user interface
C) temporal isolation
D) nondiscretionary
Question
Which of the following is NOT a category of access control?

A) preventative
B) mitigating
C) deterrent
D) compensating
Question
Under the Common Criteria,which term describes the user-generated specifications for security requirements?

A) Target of Evaluation (ToE)
B) Protection Profile (PP)
C) Security Target (ST)
D) Security Functional Requirements (SFRs)
Question
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system,and include storage and timing channels.
Question
Under lattice-based access controls,the column of attributes associated with a particular object (such as a printer)is referred to as which of the following?

A) access control list
B) capabilities table
C) access matrix
D) sensitivity level
Question
Which piece of the Trusted Computing Base's security system manages access controls?

A) trusted computing base
B) reference monitor
C) covert channel
D) verification module
Question
The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

A) Control environment
B) Risk assessment
C) Control activities
D) InfoSec Governance
Question
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

A) Bell-LaPadula
B) TCSEC
C) ITSEC
D) Common Criteria
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A framework or security model customized to anorganization,including implementation details.
Question
Lattice-based access controls use a two-dimensional matrix to assign authorizations,what are the two dimensions and what are they called?
Question
When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
One of the TCSEC's covert channels,which communicate by modifying a stored object.
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.
Question
One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization.What are these categories as described by NIST?
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Controls implemented at the discretion or option of the data user.
Question
Access controls are build on three key principles.List and briefly define them.
Question
What are the two primary access modes of the Bell-LaPadula model and what do they restrict?
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Within TCSEC,the combination of all hardware,firmware,andsoftware responsible for enforcing the security policy.
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Controls access to a specific set of information based on its content.
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Access is granted based on a set of rules specified by the central authority.
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.
Question
Under what circumstances should access controls be centralized vs.decentralized?
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A TCSEC-defined covert channel,which transmit information by managing the relative timing of events.
Question
What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?
Question
According to COSO,internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?
Question
What is the data classification for information deemed to be National Security Information for the U.S.military as specified in 2009 in Executive Order 13526?
Question
There are seven access controls methodologies categorized by their inherent characteristics.List and briefly define them.
Question
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.
Unlock Deck
Sign up to unlock the cards in this deck!
Unlock Deck
Unlock Deck
1/60
auto play flashcards
Play
simple tutorial
Full screen (f)
exit full mode
Deck 8: Security Management Models
1
The principle of limiting users' access privileges to the specific informationrequired to perform their assigned tasks is known asneed-to-know.____________
True
2
The data access principle that ensures no unnecessary access to data exists byregulating members so they can perform only the minimum data manipulation necessary is known as minimal privilege.____________
False - least
3
Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

A) preventative
B) deterrent
C) corrective
D) compensating
C
4
Lattice-based access control specifies the level of access each subject has to each object,if any.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
5
A security​monitor is a conceptual piece of the system within the trusted computer basethat manages accesscontrols-in other words,it mediates all access to objects by subjects.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
6
A security blueprint is the outline of the more thorough security framework.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
7
The Information Technology Infrastructure Library (ITIL)is a collection of policies andpractices for managing the development and operation of IT infrastructures.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
8
Which of the following is a generic blueprint offered by a service organization which must be flexible,scalable,robust,and detailed?

A) framework
B) security model
C) security standard
D) both A & B are correct
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
9
In information security,a specification of a model to be followed during the design,selection,and initial and ongoing implementation of all subsequent security controls is known as a blueprint.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
10
Under the Clark-Wilson model,internal consistency means that the system is consistent with similar data in the outside world.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
11
The information security principle that requires significant tasks to besplit up so that more than one individual is required to complete them is called isolation of duties.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
12
Which access control principle limits a user's access to the specific information required to perform the currently assigned task?

A) need-to-know
B) eyes only
C) least privilege
D) separation of duties
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
13
Separation of duties is the principle by which members of the organization can access the minimum amount of information for the minimum amount of time necessary to perform their required duties.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
14
In information security,a framework or security model customized to anorganization,including implementation details is known as afloorplan._____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
15
Which of the following specifies the authorization classification of information asset an individual user is permitted to access,subject to the need-to-know principle?

A) Discretionary access controls
B) Task-based access controls
C) Security clearances
D) Sensitivity levels
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
16
In a lattice-based access control,a restriction table is the row of attributes associated with aparticular subject (such as a user). ____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
17
Information Technology Infrastructure Library provides guidance in the development and implementation of an organizational InfoSec governance structure.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
18
Dumpster delvingis an information attack that involves searching through a target organization'strash and recycling bins for sensitive information.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
19
Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

A) need-to-know
B) eyes only
C) least privilege
D) separation of duties
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
20
A person'ssecurity clearance is a personnel security structure in which each user of an information asset isassigned an authorization level that identifies the level of classified information he or she iscleared to access.____________
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
21
To design a security program,an organization can use a(n)____________________,which is a generic outline of the more thorough and organization-specific blueprint offered by a service organization.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
22
Which of the following is NOT one of the three levels in the U.S.military data classification scheme for National Security Information?

A) confidential
B) secret
C) top secret
D) for official use only
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
23
ISO/IEC 27001 provides implementation detailson how to implement ISO/IEC 27002 and how to set up a(n)____________________.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
24
Which type of access controls can be role-based or task-based?

A) constrained
B) content-dependent
C) nondiscretionary
D) discretionary
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
25
The ____________________ principle is based on the requirement that people are not allowed to view data simply because it falls within their level of clearance.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
26
Which control category discourages an incipient incident?

A) preventative
B) deterrent
C) remitting
D) compensating
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
27
Which of the following is the primary purpose of ISO/IEC 27001:2005?

A) Use within an organization to formulate security requirements and objectives
B) Implementation of business-enabling information security
C) Use within an organization to ensure compliance with laws and regulations
D) To enable organizations that adopt it to obtain certification
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
28
In which form of access control is access to a specific set of information contingent on its subject matter?

A) content-dependent access controls
B) constrained user interfaces
C) temporal isolation
D) None of these
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
29
Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones.

A) Clark-Wilson
B) Bell-LaPadula
C) Common Criteria
D) Biba
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
30
In the COSO framework,___________ activities include those policies and procedures that support management directives.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
31
Which of the following is NOT a change control principle of the Clark-Wilson model?

A) No changes by unauthorized subjects
B) No unauthorized changes by authorized subjects
C) No changes by authorized subjects without external validation
D) The maintenance of internal and external consistency
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
32
Which of the following provides advice about the implementation of sound controls and control objectives for InfoSec,and was created by ISACA and the IT Governance Institute?

A) COBIT
B) COSO
C) NIST
D) ISO
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
33
A time-release safe is an example of which type of access control?

A) content-dependent
B) constrained user interface
C) temporal isolation
D) nondiscretionary
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
34
Which of the following is NOT a category of access control?

A) preventative
B) mitigating
C) deterrent
D) compensating
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
35
Under the Common Criteria,which term describes the user-generated specifications for security requirements?

A) Target of Evaluation (ToE)
B) Protection Profile (PP)
C) Security Target (ST)
D) Security Functional Requirements (SFRs)
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
36
____________________ channels are unauthorized or unintended methods of communications hidden inside a computer system,and include storage and timing channels.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
37
Under lattice-based access controls,the column of attributes associated with a particular object (such as a printer)is referred to as which of the following?

A) access control list
B) capabilities table
C) access matrix
D) sensitivity level
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
38
Which piece of the Trusted Computing Base's security system manages access controls?

A) trusted computing base
B) reference monitor
C) covert channel
D) verification module
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
39
The COSO framework is built on five interrelated components.Which of the following is NOT one of them?

A) Control environment
B) Risk assessment
C) Control activities
D) InfoSec Governance
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
40
Which security architecture model is part of a larger series of standards collectively referred to as the "Rainbow Series"?

A) Bell-LaPadula
B) TCSEC
C) ITSEC
D) Common Criteria
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
41
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A framework or security model customized to anorganization,including implementation details.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
42
Lattice-based access controls use a two-dimensional matrix to assign authorizations,what are the two dimensions and what are they called?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
43
When copies of classified information are no longer valuable or too many copies exist,what steps should be taken to destroy them properly? Why?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
44
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
One of the TCSEC's covert channels,which communicate by modifying a stored object.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
45
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Requires that significant tasks be split up in such a way that more than one individual is responsible for their completion.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
46
One approach used to categorize access control methodologies categorizes controls based on their operational impact on the organization.What are these categories as described by NIST?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
47
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Controls implemented at the discretion or option of the data user.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
48
Access controls are build on three key principles.List and briefly define them.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
49
What are the two primary access modes of the Bell-LaPadula model and what do they restrict?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
50
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Within TCSEC,the combination of all hardware,firmware,andsoftware responsible for enforcing the security policy.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
51
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Controls access to a specific set of information based on its content.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
52
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Access is granted based on a set of rules specified by the central authority.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
53
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
54
Under what circumstances should access controls be centralized vs.decentralized?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
55
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
A TCSEC-defined covert channel,which transmit information by managing the relative timing of events.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
56
What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
57
According to COSO,internal control is a process designed to provide reasonable assurance regarding the achievement of objectives in what three categories?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
58
What is the data classification for information deemed to be National Security Information for the U.S.military as specified in 2009 in Executive Order 13526?
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
59
There are seven access controls methodologies categorized by their inherent characteristics.List and briefly define them.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
60
​a.blueprint
b.DAC
c.content-dependent access controls
d.rule-based access controls
e.separation of duties
f.sensitivity levels
g.storage channels
h.task-based controls
i.timing channels
j.TCB
Ratings of the security level for a specified collection of information (or user)within a mandatory access control scheme.
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
Unlock Deck
k this deck
locked card icon
Unlock Deck
Unlock for access to all 60 flashcards in this deck.
QuizPlus
surly
Quizplus
Work With Us
Policies
Download the App
Scan to downloadDownload the App
qr-code
Links
Links
Work With Us
Download the App
surly
English
English
العربية
Scan to downloadDownload the App
qr-code

English
English
العربية
Copyright © 2025 Quizplus LLC.
  • facebook-footer
  • instagram-footer
  • x-footer
  • tiktok
  • Linktree