Question 3:

What feature can be applied to information in an effort to protect it from being captured and read regardless of whether it is stored or being transmitted?

 

Question 4:

How might an attacker be able to gather classified information through inference?

 

Question 9:

When reviewing any type of audit log, what information is of particular importance and why?

 

Question 10:

How does the practice of desktop imaging help achieve the overall security mission for an organization who uses it?

 

Question 11:

Redundancy is a major component of which information security principle?

 

Question 12:

How does a DRP differ from a BCP?

Question 13:

Briefly explain how Discretionary Access Control (DAC) differs from Mandatory Access Control (MAC)

 

Question 14:

Name three different methods an organization might use in order to demonstrate user security awareness is a priority throughout their organization?

 

Question 15:

With military classifications, what is the one key element that distinguishes Sensitive and higher classifications from those labeled Unclassified?

 

Question 16:

 

List 3 elements within your organization's information system that might implement a clipping level.

 

Question 17:

Why are indirect costs associated with a business outage more difficult to measure than the direct costs?

 

Question 18:

How does a product tested at an EAL4 assurance level differ from one achieving only EAL1?

 

Question 19:

What characteristics of proxy servers distinguish them from firewalls?

 

Question 20:

What role does input validation serve in preventing SQL injection attacks?

 

Question 21:

What is the importance of acceptable use policy awareness training for users, and how often should it be conducted?