final written
docx
keyboard_arrow_up
School
Whatcom Community College *
*We aren’t endorsed by this school
Course
215
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
16
Uploaded by BailiffFireChinchilla12
Question 1
In this security model, a subject can read all documents at or below their
security level but cannot read up.
a. Bell-LaPadula
c. Access Matrix
b. Biba
d. Clark-Wilson
Question 2
Policies, procedures, and controls that determine how information is
accessed and by whom.
d. Records Retention
a. Records Management
c. Access Management
b. Data Classification
Question 3
Video surveillance is considered a physical deterrent.
True
False
Question 4
Ensuring that a new building site is reasonably free from hazards falls under
this principle.
c. Fencing
b. Environmental Controls
a. Asset Protection
d. Secure Siting
Question 5
Audits are necessary because of ______
d. All of the Above
a. Potential liability
c. Negligence
b. Mandatory regulatory compliance
Question 6
The principle of least privilege means that users should have the fewest or
lowest number of privileges required to accomplish their duties.
True
False
Question 7
There is no potential downside to implementing an IPS.
True
False
Question 8
A scan of many or all TCP / IP “ports” on one or more target systems
d. Vulnerability Scanning
a. Source Code Reviews
c. Vulnerability Management
b. Business Continuity Management
Question 9
There are no NIST documents that deal with Forensics.
True
False
Question 10
The Federal Trade Commission, the Department of Agriculture, and the
Federal Communications Commission deal with this category of U.S. Laws.
a. Criminal Law
b. Administrative Law
d. Tort Law
c. Civil Law
Question 11
A NAC is used to help control which devices may connect to a network.
True
False
Question 12
A group of servers that operate functionally as a single logical server.
d. Fault Tolerance
b. Clustering
c. Virtualization
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
a. Replication
Question 13
Enjoy your free point by picking the answer that says, "This one".
No
No
No
This one
Question 14
A company can discontinue or decide not to enter a line of business if the
risk level is too high. This is categorized as ____________.
a. Risk acceptance
d. Risk avoidance
c. Risk mitigation
b. Risk assignment
Question 15
The Bell LaPadula model addresses the weaknesses of the Biba model.
True
False
Question 16
This is the first stage of a Security Incident Response.
b. Investigation
c. Triage
d. Recovery
a. Incident declaration
Question 17
This authentication protocol uses some encryption with PPP.
c. EAP
a. CHAP
d. PEAP
b. PAP
Question 18
In this security model a subject can write documents at or above their level
of security but cannot write documents below their level. This is known as
NWD.
d. Non-interference
a. Biba
c. Clark-Wilson
b. Bell-LaPadula
Question 19
One of the best ways to avoid wasting your organization’s resources is to
ensure that you follow the ________ review cycle.
c. Benchmark
a. Security
b. Audit
d. Monitoring
Question 20
This is a code of professional ethics that security experts are expected to
adhere to.
b. CCAI
a. RFC-1149
d. Security+
c. ISC²
Question 21
This wireless technology was created as a competitor to DSL and cable
modems and is a 'last mile' technology.
WiMAX
PAP
LTE
CDPD
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Question 22
In the Clark-Wilson model, this enforcement rule states that the system must
permit only the transformation procedures (TPs) certified to operate on a
constrained data item (CDI) to actually do so.
a. E3
c. E4
b. E1
d. E2
Question 23
Documentation is NOT a form of resource protection.
True
False
Question 24
Backups should always be stored onsite to ensure a quick recovery process.
True
False
Question 25
Double doors, where only one can be opened at a time.
a. Access Logs
b. Man Trap
d. Biometric
c. Fencing
Question 26
This security model is used by a system that has several levels of security
and is used by persons of varying security levels.
c. RBAC
b. MAC
a. multi-level
d. Biba
Question 27
This amendment of the US constitution covers privacy.
1st
3rd
4th
5th
Question 28
Some forms of RAID are fault tolerant.
True
False
Question 29
This is an older authentication protocol that uses UDP and does not encrypt
the stream.
b. TACACS+
a. DIAMETER
c. PAP
d. RADIUS
Question 30
A single T-1 line can only support 1.544 Mbit/sec.
True
False
Question 31
What are the steps taken during a security incident response?
Declare the incident.
Triage
Investigation
Analysis
Containment
Recovery
Debriefing
Continuous Improvement
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Question 32
Explain the difference between a Copyright and a Trademark
Copyright is a legal protection for a work of art such as a movie, song, or
book. It prevents others from copying your creative work and profiting from
it.
A trademark is legal protection for the branding of your business, such as a
logo. It prevents others from spoofing your brand to profit from your
reputation.
Question 33
Explain the Clark-Wilson Model
It is a data integrity model. In Clark-Wilson, there are authenticated users and TP's.
It has certification rules and enforcement rules. There are constrained and
unconstrained types of data. It has a set of rules that govern how data can go from
unconstrained to constrained, and vice versa.
It has rules that govern who/what
can operate on CDI's and UDI's.
Question 34
List the OSI model and the TCP/IP Model. List how they compare (i.e., what
levels match?) and give an example of what each layer is responsible for.
TCP/IP
OSI
Example
Application
Application
HTML display in
browser
Application
Presentation
Send JPG assets to
browser
Application
Session
SSL Encryption
Transport
Transport
TCP error control
Internet
Network
IP routing
Network Access
Datalink
Ethernet framing
Network Access
Physical
Binary
Question 35
A computer forensic expert is called to the scene of a crime. What is the first
thing the investigator will want to do?
Physical examination of computer
Live system forensics
Examination of surroundings
Examination of storage
Question 36
A systems engineer is managing a server cluster. A memory fault has occurred in one of the
active servers; the cluster software has caused another server in the cluster to become active.
The system engineer has witnessed a:
Pairing
Load balance
Failover
Synchronization
Question 37
This law was enacted after the September 11th attacks and expanded the
authority of U.S. law enforcement agencies, with the intention of enhancing
anti-terrorism efforts.
PATRIOT
COPPA
HITECH
HIPAA
38
Question 38
What Ethernet cabling category is most suitable in supporting 10Gb/s
transfer speeds?
Cat 5e
Cat 3
Cat 5
Cat 7
39
Question 39
Which part of preserving evidence pertains to documenting the seizure,
control, transfer, and analysis of physical or electronic evidence? If this is
broken, the defendant may challenge the integrity of the evidence.
Presentation of findings
Code of conduct
Incident recovery
Chain of custody
40
Question 40
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
This is the branch of law that involves two parties that have a grievance that
needs to be settled.
Civil
Administrative Law
Laidlaw
Criminal
41
Question 41
The first U.S. law to define computer trespass is:
Federal Information Security Management Act
Computer Fraud and Abuse Act of 1984
Computer Misuse Act
Sarbanes-Oxley Act
42
Question 42
A device whose design employs duplication of failure-prone components to ensure the
greatest possible availability is referred to as being:
Optimized
Triplicated
Clustered
Fault Tolerant
43
Question 43
An organization has issued metal keys to its employees and has recently suffered some after-
hours employee thefts. The organization is concerned about keeping the cost of the new
system to a minimum. What should they consider acquiring?
Turnstiles
A Key-card entry system
A Biometric entry system
Guard dogs
44
Question 44
SELinux is an example of what kind of Access Control?
RBAC
MAC
DAC
Rule-based Access Control
45
Question 45
What type of hypervisor is this?
Type 2
Type 3
Type 1
46
Question 46
This service provides residents with digital data services over telephone
wires. What component is redacted from the Service Provider side of this
image?
DSLAM
MSLAM
PSLAM
GrandSLAM
47
Question 47
Bluetooth can authenticate through the process of pairing, which provides a
level of security. What type of wireless technology is it considered to be?
Local Area Network
Personal Area Network
Small Area Network
Near Field Communication Network
48
Question 48
Thinking about Computer Hardware Architecture, the purpose of Secondary
Memory is:
Paging
Virtual memory management
Permanent storage of data
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Temporary storage of data
49
Question 49
CRC (Cyclic Redundancy Check) is done at this layer of the OSI model:
Session
Physical
Data Link
Application