Please, I need answers to the attached questions ASAP. It is due in a few hours. Thanks.
Question 1 (5 points)
Which of the following is NOT one of the three categories used by security specialists for security violations:
Question 1 options:
Unauthorized information release
Unauthorized information modification
Unauthorized access to a facility
Unauthorized denial of use
Question 2 (5 points)
Guarding against improper information modification or destruction, which includes ensuring information non-repudiation and authenticity, is called:
Question 2 options:
Integrity
Accessibility
Confidentiality
Availability
Question 3 (5 points)
Which of the following is NOT a type of criteria currently used for evaluating system architectures:
Question 3 options:
Trusted Computer System Evaluation Criteria
Information Technology Security Evaluation Criteria
Continuous Criteria
Common Criteria
Question 4
Which information security model allows dynamic change of access permission?
Question 4 options:
Information Flow Model
Brewer Nash
Clark-Wilson
Bell-LaPadula
Question 5 (5 points)
The term authentication is used for those security techniques that verify the identity of a person (or other external agent) making a request of a computer system.
Question 5 options:
True
False
Question 6
The practice of applying a comprehensive and rigorous method for describing a current and/or future structure and behavior for an organization’s security processes, information security systems, personnel and organizational sub-units, so that these practices and processes align with the organization’s core goals and strategic direction is known as the:
Question 6 options:
Information Security Architecture and Design
Common Criteria
Bell-LaPadula Model
Security Architecture and Design
Question 7
A vulnerability is:
Question 7 options:
Any potential danger to information life cycle.
An instance of being compromised by a threat agent.
An administrative, operational, or logical mitigation against potential risk(s).
A weakness or flaw that may provide an opportunity for a threat agent.
Question 8
What is Defense in depth?
Question 8 options: Explain in words
Question 9 (5 points)
Producing a system at any level of functionality (except level one) that actually does prevent unauthorized acts has proved to be extremely difficult.
Question 9 options:
True
False
Question 10 (5 points)
The high water mark concept is used to determine the overall impact level of the information system. Briefly describe a low-impact, moderate-impact, and high-impact system:
Question 10 options:
Question 11 (5 points)
The SABSA framework specifies three security control "baselines" that provide system managers a complete set of required security controls based only on the security categorization of the system itself.
Question 11 options:
True
False
Question 12 (5 points)
Every program and every user of the system should operate using which of the following to complete the job?
Question 12 options:
Least common mechanism
Least privilege
Separation of privilege
Open design
Question 13
Briefly describe the difference between a security policy and a security plan:
Question 13 options: Explain in words
Question 14 (5 points)
NIST SP800-30 defines the control category as a preventive control if it warns of violations or attempted violations of security policy and includes such controls as audit trails, intrusion detection methods, and checksums.
Question 14 options:
True
False
Question 15 (5 points)
The process of establishing a user’s eligibility to perform a particular task within a system is called credentialing.
Question 15 options:
True
False
Question 16 (5 points)
The standards, guidelines, and procedures are all established by the organization’s policies.
Question 16 options:
True
False
Question 17 (5 points)
What are security controls? List 3 examples.
Question 17 options: Explain in words
Question 18 (5 points)
Mobile and cloud computing; applications security; trustworthiness, assurance, and resiliency of information systems; insider threat; supply chain security; and advanced persistent threats are addressed in which of the following guidelines?
Question 18 options:
NIST SP 800-30 v.1
NIST SP 800-30 v.2
NIST SP 800-30 v.3
NIST SP 800-30 v.4
Question 19 (5 points)
In terms of Information Assurance, what is trusted software?
Question 19 options: Explain in words
Question 20 (5 points)
Architecture is a high-level description of a system.
Question 20 options:
True
False