RTU College of Engineering and Architecture Midterm Exam on Information Assurance and Security


25 Questions

Uses an access matrix of subject and labeled objects. ___________ MODEL

BELL-LAPADULA

This model is to secure the confidentiality of data with respect to different levels of secrecy. ___________ MODEL

BELL-LAPADULA

Secret can't request from top secret use. ___________ PROPERTY

INVOCATION

A process wherein the user needs to fully verify the data they requested before they get access to it. INTEGRATION VERIFICATION ___________

PROCESS

The law that outlines important measures the government should take to protect its own systems from various assaults. COMPUTER ___________ ACT

SECURITY

They offer a structure for defending against online dangers including illegal access and data breaches. ___________ STANDARDS

SECURITY

It includes physical approaches in addition to digital ones for data protection. INFORMATION ______

ASSURANCE

One of the important aspects of INFORMATION ______ is to prevent cyber-attacks by utilizing firewalls and other deterrents.

SECURITY

It involves measures to keep data accessible despite system errors and intervention from outside sources. ______

AVAILABILITY

It ensures that system information is not given to unauthorized access and is only read and understood by people with the appropriate authorizations. ______

CONFIDENTIALITY

This group is in charge of making sure that the concerns of stakeholders are addressed and has representation from across the institution. STEERING ______

COMMITTEE

This group develops strategies and ensures integration with and cooperation of business unit managers and process owners. ______

EXECUTIVES

This level of data includes internal information like operating while essential to an organization, ______.

processes

Standard that is developed by the ______ Institute of Standards and Technology (NIST).

National

It also hides your IP address, allowing you to browse the web anonymously and ______.

securely

It also helps to ensure that data is compliant with applicable laws and ______.

regulations

This act covers computer crimes that are perpetrated in international trade and ______.

commerce

It's the knowledge of right and wrong, and the ability to adhere to ______ principles while on the job.

ethical

The following are the capabilities of the BIBA security model in keeping the information safe, EXCEPT:
a. Access can grant easily regardless the level of access control
b. Ensure data integrity
c. Authentication prevents unauthorized users.
d. Has its invocation property when it comes to request service

34. Digital markers help systems because they make it easier to identify sensitive information before it leaks out of an organization.
a. CIA b. ISO c. DLP d. GDRP

RIZAL TECHNOLOGICAL UNIVERSITY
Boni Ave, Mandaluyong City
College of Engineering and Architecture

35. Is a certain type of data that may be recorded in any format and has the potential to be useful to a company.
a. Information Handling b. Data Asset c. Data Hiding d. Information Asset

36. It represents all the information that is available to most of the employees, but not to all of them.
a. Restricted Information b. Limited Information c. Classified Data d. Constrained Data

37. The following are the key elements of security guidelines, EXCEPT:
a. Implement access controls b. Conduct a risk assessment c. Third-Party Security d. Information Restrictions

38. It is essential that you develop a method to ensure that the information is only given to those who are listed on the list of approved recipients.
a. Authorized Recipients Data b. Data Access Control c. Data Distribution d. Clear Marking

39. Is a process to decide what information should be classified as what and how, and how it should be managed.
a. ______ b.

Data Asset Classification

Digital markers help systems because they make it easier to identify sensitive information before it leaks out of an organization. a. ______ b. ISO c. DLP d. GDRP

CIA

Is a certain type of data that may be recorded in any format and has the potential to be useful to a company. a. ______ b. Data Asset c. Data Hiding d. Information Asset

Information Handling

It represents all the information that is available to most of the employees, but not to all of them. a. ______ b. Limited Information c. Classified Data d. Constrained Data

Restricted Information

The following are the key elements of security guidelines, EXCEPT: a. Implement access controls b. Conduct a risk assessment c. ______ d. Information Restrictions

Third-Party Security

It is essential that you develop a method to ensure that the information is only given to those who are listed on the list of approved recipients. a. ______ b. Data Access Control c. Data Distribution d. Clear Marking

Authorized Recipients Data

Information Classification c. Information Asset Classification d. Data Classification

40. It is the person who is in charge of, accountable for, and interested in the gathering, integrity, and accessibility of information.
a. Data Owner b. System Owner c. Data Custodian d. Security Administrator

TRUE OR FALSE: Read and analyze the following statement and write T if it’s true otherwise F if false in the space provided.

41. The main objective of BIBA Security model is the confidentiality of all the information or data in the system. FALSE

42. Design a system that is resilient to denial of service attacks and usage spikes. TRUE

43. Star Confidentiality Rule states that the user can only Read the files on the Same Layer of Secrecy and the Upper Layer of Secrecy but not the Lower Layer of Secrecy, due to which we call this rule as NO WRITE-DOWN. FALSE

44. Graham–Denning is primarily concerned with how a model system controls subjects and objects at a very basic level where other models simply assumed such control. TRUE

45. In Bell-Lapadula systems are divided into User and labeled Data. TRUE

46. Information assurance investments are intended to support organizational objectives. FALSE

47. One of the effective governance in security is Establishing the proper institutional structure and segregation of duties. FALSE

48.

This quiz contains multiple-choice questions related to information assurance, security measures, and data protection. Test your knowledge on topics like physical and digital approaches for data protection and preventing cyber-attacks.
