I need help with the multiple choice answers on this quiz answers 6-20 on this document

 

 

 

MULTIPLE CHOICES QUESTIONS

6. Which of the following is not part of the security best practice?

A. Need to know

B. Least privilege

C. Separation of duties

D. Exposer

 

7. Which of the following is not a type of security control?

A. Directive Controls

B. Effective Controls

C. Preventive Controls

D. Corrective Controls

 

8. FIPS Publication 199 requires agencies to categorize their information system as

A. Low-impact

B. Medium-impact

C. High-impact

D. All of the above

 

9. Based on the FIPS PUB 200 The minimum security requirements cover -----------security -related areas with regard to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems

A. 17

B. 3

C. 12

D. 5

 

10. Federal agencies will have up to -----------year(s) from the date of final NIST Special Publication 800-53to fully comply with the changes but are encouraged to initiate compliance activities immediately. 

A. Four

B. Three

C. Two

D. One

 

11. Security awareness 

A. Is the same a professional education

B. Is the same as background checks and verifying education

C. Makes it easy to find out who is a security risk

D. Begins the first day of employment

 

12. Base on the NIST Special Publication 800-30, integration of Risk Management into the SDLC consist of ------------phases 

A. 10

B. 5

C. 3

D. 6

 

13. Base on the NIST Special Publication 800-30, The risk assessment methodology encompasses -------- primary steps

A. Five

B. Eight

C. Nine

D. Two

 

14. Base on the NIST Special Publication 800-30, integration of Risk, the control categories for both technical and nontechnical control methods can be further classified as: 

A. Preventive and detective 

B. preventive and defensive

C. defensive and detective

D. preventive and supportive

 

15. Which of the following is not a risk mitigation method?

A. Risk Assumption

B. Risk avoidance

C. Risk study

D. Risk limitation

16. The risk assessment process is usually repeated at least every ------ years for federal agencies, as mandated by OMB Circular A-130

A. six

B. five

C. four.

D. Three

 

17. Based on the MITRE Corporation’s Trusted Systems Concepts, A combination of hardware, software, and firmware that implements the Reference Monitor concept is called

A. Assurance system

B. Reference validation mechanism

C. Trusted computing systems

D. Trusted computing mechanism

 

 

18. The Biba model was developed to protect which of the following?

A. Availability

B. Integrity

C. Confidentiality

D. Access control

 

19. The Bell-LaPadula model was developed to protect which of the following?

A. Availability

B. Integrity

C. Confidentiality

D. Access Control

 

20. Which model is concerned with who is authorized to give access to file and folders to other users?

A. Clark-Wilson

B. Bell LaPadula

C. Biba

D. Take-Grant