
Information Security and Management

The process of protecting an organization's data and assets against potential threats. One of the primary goals of these processes is to protect data availability.


Four Security Domain

  • Physical Security, Virus, IT Security and Operational Security
  • Physical Security, Personnel Security, IT Security and Security
  • Physical Security, Personnel Security, IT Security and Operational Security
  • System, Personnel Security, IT Security and Operational Security

Development of the business scenarios and subsequent high-level use-cases of the project concerned will bring to attention the people actors and system actors involved. What phase is that?

  • Phase C: Information System Architecture
  • Phase B: Business Architecture
  • Phase A: Architecture Vision
  • Phase D: Technology Architecture

Risks not avoided or transferred are retained by the organization.

  • Risk Avoidance
  • Risk mitigation
  • Risk Acceptance
  • Risk Transfer

Is the inherent technical features and functions that collectively contribute to an IT infrastructure achieving and sustaining confidentiality, integrity, availability, accountability, authenticity, and reliability.

  • IT security

To affect the technical performance and the capability of physical systems, to disrupt the capabilities of the defender.

  • Noise
  • Desired Effects
  • Attacker's Operations
  • Perceptual

Is a collection of all the trust mechanisms of a computer system which collectively enforce the policy.

  • Lifecycle
  • Assurance
  • TCB
  • Trust

Is it true or false. Encrypting all personal information when saved on different storage media is some basic steps in storing personal data.

  • True
  • False

This is an assurance that the systems responsible for delivering, storing, and processing information are accessible when needed, by those who need them.

  • integrity
  • availability
  • security
  • confidentiality

IA is a special subject under Information Technology program.

  • True
  • False

Physical attack and destruction, including: electromagnetic attack, visual spying, intrusion, scavenging and removal, wiretapping, interference, and eavesdropping.

  • Information
  • Data
  • Attacker's Operations
  • Desired Effects

Assurance that the sender is provided with proof of a data delivery and recipient is provided with proof of the sender’s identity, so that neither can later deny having processed the data.

  • Non-repudiation

Definition of relevant stakeholders and discovery of their concerns and objectives will require development of a high-level scenario. What phase is that?

  • Phase C: Information Systems Architecture
  • Phase A: Architecture Vision
  • Phase D: Technology Architecture
  • Phase B: Business Architecture

Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM

  • Phase B: Business Architecture
  • Phase D: Technology Architecture
  • Phase C: Information Systems Architecture
  • Phase A: Architecture Vision

Those who are most affected and achieve most value from the security work

  • Identify core enterprise

Not performing an activity that would incur risk.

  • Risk Acceptance
  • Risk transfer
  • Risk mitigation
  • Risk Avoidance

True or False: Codified data/information asset ownership and custody

  • True
  • False

Security architecture introduces its own normative flows through systems and among applications.

  • True
  • False

Acceptance, avoidance, mitigation, transfer: these are with respect to a specific risk for a specific party.

  • The risk treatment
  • Trust
  • Risk transfer
  • Trust mechanism

Is a generic term that implies a mechanism in place to provide a basis for confidence in the reliability/security of the system.

  • The risk treatment
  • Trust
  • Risk transfer
  • Trust mechanism

In information security, data integrity means maintaining and assuring the accuracy and consistency of data over its entire life-cycle.

  • True
  • False

Concept of Cybercrime

  • True
  • False

Is it true or false. An additional risk occurs when personal information is stored in client accounts on commercial websites, which may become the target of cyber-attacks anytime, so stored data becomes vulnerable is some basic steps in storing personal data.

  • True
  • False

Cyber security, also referred to as information technology security, focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.

  • True
  • False

Security architecture calls for its own unique set of skills and competencies of the enterprise and IT architects.

  • True
  • False

Physical security consists in the closure of IT equipment in a dedicated space and the provision of access control.

  • Prevent Cyber-Attacks
  • Recon
  • Install
  • System

Six Concept of CyberCrime

  • Digital Underground, Virus, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • Digital Underground, Underground Economy, System, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • System, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet

Raw facts with an unknown coding system

  • Noise

Actions taken that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation

  • True
  • False

Security architecture composes its own discrete views and viewpoints.

  • True
  • False

Is it true or false. Storing the minimum required data online and maximum discretion in providing them to a third party (users, companies) is some basic steps in storing personal data.

  • True
  • False

Converting data into information thus requires knowledge

  • Information
  • Noise
  • Data
  • Knowledge

Information security technical measures such as: encryption and key management, intrusion detection, anti-virus software, auditing, redundancy, firewalls, policies and standards.

  • Defender’s operations

Security architecture addresses non-normative flows through systems and among applications.

  • True
  • False

Availability: Assurance that the systems responsible for delivering, storing and processing information are accessible when needed, by those who need them.

  • True
  • False

True or False: Identify the security governance involved, including legal frameworks and geographies (enterprises)

  • True
  • False

Assess and baseline current security-specific architecture elements. What phase is that?

  • Phase D: Technology Architecture
  • Phase B: Business Architecture
  • Phase A: Architecture Vision
  • Phase C: Information System Architecture

Every system will rely upon resources that may be depleted in cases that may or may not be anticipated at the point of system design. What phase is that?

  • Phase D: Technology Architecture
  • Phase C: Information System Architecture
  • Phase A: Architecture Vision
  • Phase B: Business Architecture

The definition and enforcement of permitted capabilities for a person or entity whose identity has been established.

  • Authorization
  • Audit
  • Assurance
  • Authentication

The ability to provide forensic data attesting that the systems have been used in accordance with stated security policies.

  • Authentication
  • Audit
  • Assurance
  • Authorization

Changes in security standards are usually less disruptive since the trade-off for their adoption is based on the value of the change. However, standards changes can also be mandated. What phase is that?

  • Phase B: Business Architecture
  • Phase G: Implementation Governance
  • Phase A: Architecture Vision
  • Phase H: Architecture Change Mana

True or False: Written and published security policy

  • True
  • False

Involves the implementation of standard operational security procedures that define the nature and frequency of the interaction between users, systems, and system resources, the purpose of which is to.

  • Operational security

True or False: Business rules regarding handling of data/information assets

  • True
  • False

Risk Management Procedure consists of six steps.

  • Assess assets
  • Assess vulnerabilities
  • Prioritize countermeasure options
  • Assess productivity
  • Assess threats
  • Give feedback to production
  • Assess risks
  • Assess profitable
  • Make risk management decisions

These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

  • Action on objective
  • Installation
  • Exploitation
  • Command and Control

Availability: Availability of information refers to ensuring that authorized parties are able to access the information when needed

  • True
  • False

Is the process of maintaining an acceptable level of perceived risk

  • Security

Type of Concept for Cybercrime

  • Digital Underground, Efficient Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and System
  • Program, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • Digital Underground, Underground Economy, Phishing, Hacktivism, Cyberwar:Estonia Case and Stuxnet
  • Data
  • Noise
  • Information
  • Knowledge

The ability to test and prove that the enterprise architecture has the security attributes required to uphold the stated security policies.

  • Authentication
  • Audit
  • Authorization
  • Assurance

From the Baseline Security Architecture and the Enterprise Continuum, there will be existing security infrastructure and security building blocks that can be applied to the requirements derived from this architecture development engagement. What phase is that?

  • Phase B: Business Architecture
  • Phase A: Architecture Vision
  • Phase E: Opportunities & Solutions
  • Phase D: Technology Architecture

Assurance that the information is authentic and complete.

  • Availability
  • Integrity
  • Confidentiality
  • Security

Identify existing security services available for re-use. What phase is that?

  • Phase A: Architecture Vision
  • Phase D: Technology Architecture
  • Phase E: Opportunities & Solutions
  • Phase F: Migration Planning

Is data endowed with relevance and purpose.

  • Data
  • Knowledge
  • Information
  • Noise

Those stakeholders who will be affected by security capabilities and who are in groups of communities

  • Identify communities involved

Revisit assumptions regarding interconnecting systems beyond project control, Identify and evaluate applicable recognized guidelines and standards and Identify methods to regulate consumption of resources. What phase is that?

  • Phase B: Business Architecture
  • Phase D: Technology Architecture
  • Phase E: Opportunities & Solutions
  • Phase A: Architecture Vision

Is a measure of confidence that the security features, practices, procedures, and architecture of a system accurately mediates and enforces the security policy.

  • System
  • TCB
  • Lifecycle
  • Assurance

After the first six phases, an attacker can act to achieve the goals. These actions typically consist of collecting information, modifying data integrity, or attacking the availability of services and devices, but the victim system can also be used as a starting point for infecting other systems or for expanding access to the local network.

  • Trusted
  • Program
  • Action on Objective
  • System

Transmitting the weapon to the target environment.

  • Weaponization
  • Reconnaissance
  • Delivery
  • Exploitation

Are the security features of a system that provide enforcement of a security policy.

  • Trust
  • Trust mechanism
  • Coding
  • Design

The substantiation of the identity of a person or entity related to the enterprise or system in some way.

  • Authorization
  • Assurance
  • Authentication
  • Audit

Research, target identification and selection: it may be looking for e-mail addresses, social relationships, or data about a particular technology, information displayed on various websites;

  • Delivery
  • Exploitation
  • Weaponization
  • Reconnaissance

Processed data

  • Information

Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

  • Command and control

True or False: Identify extended enterprise (units) - those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes

  • True
  • False

True or False: Data classification policy documentation

  • True
  • False

Security measures to establish the validity of a transmission, message, or originator.

  • Authentication

This ensures that internal networks are secure by protecting the infrastructure and inhibiting access to it.

  • network security
  • cyber space
  • network regulation
  • cyber network

Cybersecurity is the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organization and user’s assets.

  • True
  • False

The organization's attitude and tolerance for risk.

  • Risk Management
  • Assurance
  • Audit

Infecting a victim system with a computer trojan, backdoor or other malware application of this type that ensures the attacker’s presence in the target environment;

  • Installation

As the volume and sophistication of cyber attacks grow, companies and organizations need to take steps to protect their sensitive business and personnel information.

  • True
  • False

Assess the impact of new security measures upon other new components or existing leveraged systems. What phase is that?

  • Phase E: Opportunities & Solutions
  • Phase A: Architecture Vision
  • Phase B: Business Architecture
  • Phase F: Migration Planning

The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

  • Reconnaissance
  • Installation
  • Weaponization
  • Exploitation

Cyberspace is "the environment in which communication over computer networks occurs."

  • True
  • False

True or False: Identify core enterprise (units) - those who are most affected and achieve most value from the security work

  • True
  • False

Accepted facts, principles, or rules of thumb that are useful for specific domains.

  • Knowledge

Is it true or false. The use of complex, unique, hard to guess or break passwords, consisting of numbers, upper/lower case letters and special characters is some basic steps in storing personal data.

  • True
  • False

Are applicable to ensuring that security requirements are addressed in subsequent phases of the ADM. What phase is that?

  • Phase B: Business Architecture
  • Phase D: Technology Architecture
  • Phase A: Architecture Vision
  • Phase C: Information Systems Architecture

Consists of employees, former employees and contractors.

  • Insiders

Those who will see change to their capability and work with core units but are otherwise not directly affected

  • Identify soft enterprise

Information and data manipulation abilities in cyberspace;

  • Physical Security
  • Information Infrastructure
  • IT Security
  • Noise

Usually an infected host must be accessible outside of the local network to establish a command and control channel between the victim and the attacker. Once this bidirectional communication has been made, an attacker has access inside the target environment and can usually control the activity by manually launching commands;

  • Command
  • System Code
  • Command and Control
  • Program Code

Those units outside the scoped enterprise who will need to enhance their security architecture for interoperability purposes

  • Identify extended enterprise

IA takes steps to maintain integrity, such as having anti-virus software in place so that data will not be altered or destroyed, and having policies in place.

  • True
  • False

Raw facts with a known coding system

  • Data

Information Assurance (IA) is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.

  • True
  • False

Taking actions to reduce the losses due to a risk; many technical countermeasures fall into this category.

  • Risk Acceptance
  • Risk Avoidance
  • Risk mitigation
  • Risk transfer

What are the steps in intrusion model?

  • Recon, Weaponise, Deliver, Exploit, Install, C2 and Action
  • System, Weaponise, Deliver, Exploit, Install, C2 and Action
  • Recon, Weaponise, Deliver, Exploit, Install, System and Action
  • Recon, Weaponise, Deliver, System, Install, C2 and Action

In a phased implementation the new security components are usually part of the infrastructure in which the new system is implemented. The security infrastructure needs to be in a first or early phase to properly support the project. What phase is that?

  • Phase B: Business Architecture
  • Phase A: Architecture Vision
  • Phase F: Migration Planning
  • Phase G: Implementation Governance

The ability to add and change security policies, add or change how policies are implemented in the enterprise, and add or change the persons or entities related to the systems.

  • Audit
  • Administration
  • Risk Management
  • Assurance

Is it true or false. Using encrypted versions of protocols when sensitive information is exchanged so as to ensure data confidentiality and prevent identity theft is some basic steps in storing personal data.

  • True
  • False

Making a malware application (for example, a computer trojan) that, combined with an exploitable security breach, allows remote access. Moreover, PDF (Portable Document Format) files or Microsoft Office suite-specific files can be regarded as weapons available to the attacker;

  • Weaponization
  • Exploitation
  • Reconnaissance
  • Delivery

Logical security consists of software that is necessary to control the access to information and services of a system. The logical level is divided into two categories: access security level and service security level.

  • Prevent Cyber-Attacks
  • System
  • Recon
  • Install

Is the process by which an asset is managed from its arrival or creation to its termination or destruction.

  • Lifecycle
  • Assurance
  • TCB
  • System

After the weapon is delivered to the victim, follows the targeting of an application or vulnerability of the operating system. The infected file can be used by the self-execution facility to launch the malware code, or it can be executed by the user himself;

  • Weaponization
  • Reconnaissance
  • Delivery
  • Exploitation

Is roughly equivalent to privacy

  • Security
  • Availability
  • Confidentiality
  • Integrity

Is a process, not an end state

  • Security

The ability of the enterprise to function without service interruption or depletion despite abnormal or malicious events.

  • Audit
  • Availability
  • Assurance
  • Authentication

Acronym for TCB?

  • Trusting Computer Based
  • Trusted Computer Based
  • Trusting Computing Based
  • Trusted Computing Base

Timely, reliable access to data and information services for authorized users;

  • Availability

Changes in security requirements are often more disruptive than a simplification or incremental change. Changes in security policy can be driven by statute, regulation, or something that has gone wrong. What phase is that?

  • Phase G: Implementation Governance
  • Phase A: Architecture Vision
  • Phase H: Architecture Change Management
  • Phase F: Migration Planning

True or False: Identify communities involved (enterprises) - those stakeholders who will be affected by security capabilities and who are in groups of communities

  • True
  • False

True or False: Risk analysis documentation

  • True
  • False

Seven Stages of lifecycle model

  • Risk Transfer, Design, Coding, Testing, Deployment, Production and Decommission
  • Requirements, Design, Trust Mechanism, Testing, Deployment, Production and Decommission
  • Requirements, Design, Coding, Testing, Deployment, Production and Decommission
  • Requirements, Trust, Coding, Testing, Deployment, Production and Decommission

Identify existing security services available for re-use

  • Phase D: Technology Architecture
  • Phase A: Architecture Vision
  • Phase E: Opportunities & Solutions
  • Phase F: Migration Planning

The main ways of transport are e-mails (attachment of infected files), web platforms (running malware scripts), or removable USB memories;

  • Delivery
  • C2
  • Install
  • Recon

Assurance that information is shared only among authorized persons or organizations.

  • Security
  • Integrity
  • Confidentiality
  • Availability

Is a variety of ongoing measures taken to reduce the likelihood and severity of accidental and intentional alteration, destruction, misappropriation, misuse, misconfiguration, unauthorized distribution, and unavailability of an organization’s logical and physical assets, as the result of action or inaction by insiders and known outsiders, such as business partners.

  • Personnel Security
  • Operational Security
  • IT Security
  • Physical Security

Establish architecture artifact, design, and code reviews and define acceptance criteria for the successful implementation of the findings. What phase is that?

  • Phase A: Architecture Vision
  • Phase B: Business Architecture
  • Phase G: Implementation Governance
  • Phase H: Architecture Change Management

True or False: Identify soft enterprise (units) - those who will see change to their capability and work with core units but are otherwise not directly affected

  • True
  • False

Assess and baseline current security-specific technologies. What phase is that?

  • Phase D: Technology Architecture
  • Phase C: Information System Architecture
  • Phase B: Business Architecture
  • Phase A: Architecture Vision

The protection of information assets from loss or unintended disclosure, and resources from unauthorized and unintended use.

  • Administration
  • Asset Protection
  • Audit
  • Risk Management

Many security vulnerabilities originate as design or code errors and the simplest and least expensive method to locate and find such errors is generally an early review by experienced peers in the craft. What phase is that?

  • Phase G: Implementation Governance
  • Phase H: Architecture Change Management
  • Phase A: Architecture Vision
  • Phase B: Business Architecture

A full inventory of architecture elements that implement security services must be compiled in preparation for a gap analysis. What phase is that?

  • Phase C: Information System Architecture
  • Phase B: Business Architecture
  • Phase D: Technology Architecture
  • Phase A: Architecture Vision

Determine who are the legitimate actors who will interact with the product/service/process. What phase is that?

  • Phase D: Technology Architecture
  • Phase A: Architecture Vision
  • Phase B: Business Architecture
  • Phase C: Information Systems Architecture

Security architecture introduces unique, single-purpose components in the design.

  • True
  • False

Protection against unauthorized modification or destruction of information

  • Integrity

These are constantly creating and implementing new security tools to help enterprise users better secure their data.

  • content developer
  • APPS providers
  • vloggers
  • cloud providers

Three distinct levels:

  • Physical
  • Perceptual
  • Desired Effects
  • Conceptual
  • Frameworks

Three Features of Security

  • Efficient, Integrity and Availability
  • No Feelings, Integrity and Availability
  • Confidentiality, Integrity and Flexible
  • Confidentiality, Integrity and Availability

Negotiations are much more accessible over networks, causing the adoption of security measures during the development phase to be an imperative phase of the project.

  • True
  • False

Is the study of how to protect your information assets from destruction, degradation, manipulation and exploitation.

  • Information Assurance
  • Efficient
  • Integrity
  • Confidentiality

Failure of the mechanism may destroy the basis for trust.

  • Trust
  • Assurance
  • TCB
  • System

Refers to the protection of hardware, software, and data against physical threats to reduce or prevent disruptions to operations and services and loss of assets.

  • Personnel Security
  • IT Security
  • Operational Security
  • Physical Security

Integrity is the most important character trait of Information Assurance.

  • True
  • False

It should be: accurate, timely, complete, verifiable, consistent, available.

  • Noise
  • Data
  • Knowledge
  • Information

Assurance that information is not disclosed to unauthorized persons

  • Confidentiality

Four Security Domains

  • Operational Security
  • Web Security
  • Physical Security
  • IT Security
  • Personnel Security
  • Data Security

Data and data processing activities in physical space;

  • Personnel Security
  • Physical
  • Physical Security
  • IT Security

Security architecture has its own discrete security methodology.

  • True
  • False

The following security specifics appropriate to the security architecture must be addressed within each phase in addition to the generic phase activities. What phase is that?

  • Phase A: Architecture Vision
  • Phase D: Technology Architecture
  • Phase B: Business Architecture
  • Phase C: Information Systems Architecture

Shift the risk to someone else.

  • Risk Acceptance
  • Risk avoidance
  • Risk Transfer
  • Risk mitigation