30 Questions
What should drive the selection and implementation of security controls in EISA?
Business requirements
What is a key component for achieving secure application development according to the text?
Penetration testing
At what stage does EISA guidance become essential in a system's lifecycle?
Design stage
What is a fundamental principle that EISA should be based on?
Risk-based approach
Which factor should determine the security levels applied to data and resources according to the text?
Business value
What is an often neglected aspect of achieving secure application development according to the text?
Architectural risk analysis
What is the main purpose of an Enterprise Information Security Architecture (EISA)?
To establish the strategy for protecting sensitive data and critical resources
Which is a key component of the modern approach to security architecture mentioned in the text?
Separating internal environment based on sensitivity
What is the traditional approach to security architecture mostly focused on?
Protecting the internal from the external environment
Why must an EISA be driven by business requirements?
To maintain required levels of Confidentiality, Integrity, Availability, and Accountability (CIAA)
Which of the following does NOT represent a key feature of Enterprise Information Security Architecture?
Installing point solutions for each security need
How does the modern approach to security architecture differ from the traditional approach?
By separating portions of the internal environment based on sensitivity
What is a security zone in the context of auditing?
A grouping of resources sharing the same risk profile and business function.
Why are boundaries between security zones implemented using security controls?
To filter inbound or outbound communications and control access to sensitive resources.
What guides the decision to place a resource into a security zone?
The need to avoid risk exposure.
How should data move between resources or components in different security zones?
Via a security control or service, even if they remain within the same security zone.
What is a key factor in determining the placement of security zone boundaries and controls?
The risk profile of shared resources.
Why are resources often grouped based on zones?
To simplify risk management as resources sharing the same risk profile are together.
What is the main purpose of patterns and baselines in guiding risk architecture decisions?
Provide guidance in making risk architecture decisions
Which of the following is an example of 'Infrastructure Common Services' based on the text?
LDAP directory services
What is the significance of distinguishing between External vs. Internal Traffic according to the text?
To establish logical controls for risk management
What does 'Transitive Risk' refer to according to the text?
Risk from neighboring or related resources
Why is it important to consider differing risk sensitivity levels when systems communicate in an enterprise environment?
To manage the risks associated with systems of differing sensitivity levels
'Services may have different interfaces to the outside world, and therefore different risk exposures' implies using which security strategy according to the text?
Least privilege principle
What must be done if a security zone boundary is traversed during data movement?
Enforce security controls to preserve C-I-A-A needs
In the context of data movement rules, what does Rule 3 state about the initiator and recipient of communication?
Both parties can impose security constraints on each other
What is one of the threats that trust relationships in information flow may present to a certain resource?
Mismatch in privilege levels
What do patterns and baselines provide in the context of data management?
Patterns represent recurring themes in data movement
When a new application tries to make changes to a system within the 'local' Windows zone, what should the user do?
Deny authorization for changes
What should be done if secure communication is imposed on the client's browser by a website?
Retrieve and verify the website's digital certificate from the CA
Test your knowledge on the blueprint for security with an emphasis on security architecture, risk assessments, and defense mechanisms. Explore traditional and modern approaches to security perimeter, design, and implementation.