Fundamental Security Services and Controls

Questions and Answers

What are the three pervasive principles that should influence security guidelines, standards, designs, and control decisions?

• Least Privilege, Defense in Depth, Separation of Duties (correct)
• Data at Rest, Data in Transit, Data in Process
• Failure Condition, Modularity, Standardization
• Preventative, Detective, Responsive

In information security, how many categories of controls are there?

• Five
• Three (correct)
• Seven
• Ten

What should security controls focus on protecting based on the states mentioned?

• Sensitive information (correct)
• Operational constraints
• Technical controls
• Security guidelines

According to the Failure Condition Principle, what capability should controls have?

Capability to be shut down gracefully and restored automatically (C)

Which Security Control Principles describe the general requirements and objectives for any technical controls as part of risk mitigation?

Failure Condition, Modularity, Standardization (D)

What is the purpose of the compartmentalization principle?

To establish boundaries and isolation from dissimilar entities (D)

What is an example of implementing the modularity principle?

Designing security software with modular components such as firewalls and antivirus (B)

What does the standardization principle aim to achieve?

Minimize the need for exceptions in applying controls across the organization (D)

What is the primary focus of balanced operational constraints?

Balance between control strength and impact on service delivery (A)

What does the principle of redundant configurations ensure?

Continuous network services in the event of a router failure (B)

What is the purpose of the Failure Condition Principle?

To provide provisions for graceful shutdown and automatic restoration (B)

What does the modularity principle allow for?

Removal or modification of safeguards as risks profile change (C)

According to the standardization principle, what is the goal of control selection?

To build upon previous control selections to reduce complexity and maximize economic benefits (B)

What is the purpose of compartmentalization in information security?

To isolate sensitive resources and minimize the spread of a security breach (A)

What is the essential aspect of balanced operational constraints?

Balancing control strength and impact on service delivery (C)

What is the primary focus of the Least Privilege principle in information security?

Limiting access rights to what is necessary for the user's role (C)

In information security, which state of data would likely have different threats and vulnerabilities?

All states have the same threats and vulnerabilities (D)

What is the main objective of the Separation of Duties principle in information security?

Ensuring that no single individual has complete control over a process (C)

What is the purpose of the Security Control Principles in information security?

To describe general requirements and objectives for technical controls in risk mitigation (A)

What is the main focus of the Defense in Depth principle in information security?

Utilizing multiple layers of security controls (C)

Flashcards are hidden until you start studying