You work as a security manager for BlueWell Inc. You are performing the external vulnerability testing, or penetration testing to get a better snapshot of your organization's security posture. Which of the following penetration testing techniques will you use for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports?
The dumpster diving technique is used for searching paper disposal areas for unshredded or otherwise improperly disposed-of reports.
Answer B is incorrect. In the scanning and probing technique, various scanners, such as a port scanner, can reveal information about a network's infrastructure and enable an intruder to access the network's unsecured ports.
Answer D is incorrect. The demon dialing technique automatically tests every phone line in an exchange to try to locate modems that are attached to the network.
Answer A is incorrect. In the sniffing technique, a protocol analyzer can be used to capture data packets that are later decoded to collect information such as passwords or infrastructure configurations.
Which of the following activities are performed by the 'Do' cycle component of PDCA (plan-do-check-act)?
Each correct answer represents a complete solution. Choose all that apply.
The 'Do' cycle component performs the following activities:
It operates the selected controls.
It detects and responds to incidents properly.
It performs security awareness training.
It manages resources that are required to achieve a goal.
Answer B is incorrect. This activity is performed by the 'Plan' cycle component of PDCA.
A security policy is an overall general statement produced by senior management that dictates what role security plays within the organization. Which of the following are required to be addressed in a well-designed policy?
Each correct answer represents a part of the solution. Choose all that apply.
A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization.
A well-designed policy addresses the following:
What is being secured? - Typically an asset.
Who is expected to comply with the policy? - Typically employees.
Where is the vulnerability, threat, or risk? - Typically an issue of integrity or responsibility.
The mission and business process level is Tier 2. What are the various Tier 2 activities?
Each correct answer represents a complete solution. Choose all that apply.
The mission and business process level is Tier 2. It addresses risks from the mission and business process perspective and is guided by the risk decisions made at Tier 1. The various Tier 2 activities are as follows:
It defines the core missions and business processes for the organization.
It also prioritizes missions and business processes with respect to the goals and objectives of the organization.
It defines the types of information that an organization requires to successfully execute the stated missions and business processes.
It helps in developing an organization-wide information protection strategy and incorporating high-level information security requirements.
It specifies the degree of autonomy for the subordinate organizations.
You work as an analyst for Tech Perfect Inc. You want to prevent information flow that may cause a conflict of interest in your organization representing competing clients. Which of the following security models will you use?
The Chinese Wall Model is the basic security model developed by Brewer and Nash. This model prevents information flow that may cause a conflict of interest in an organization representing competing clients. The Chinese Wall Model provides both privacy and integrity for data.
Answer D is incorrect. The Biba model is a formal state transition system of computer security policy that describes a set of access
control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. The model is designed so that
subjects may not corrupt data in a level ranked higher than the subject, or be corrupted by data from a lower level than the subject.
Answer C is incorrect. The Clark-Wilson model provides a foundation for specifying and analyzing an integrity policy for a computing
system. The model is primarily concerned with formalizing the notion of information integrity. Information integrity is maintained by preventing
corruption of data items in a system due to either error or malicious intent.
The model's enforcement and certification rules define data items and processes that provide the basis for an integrity policy. The core of the
model is based on the notion of a transaction.
Answer A is incorrect. The Bell-La Padula Model is a state machine model used for enforcing access control in government and military applications. The model is a formal state transition model of computer security policy that describes a set of access control rules which use security labels on objects and clearances for subjects. Security labels range from the most sensitive (e.g., 'Top Secret') down to the least sensitive (e.g., 'Unclassified' or 'Public').
The Bell-La Padula model focuses on data confidentiality and controlled access to classified information, in contrast to the Biba Integrity Model, which describes rules for the protection of data integrity.
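The Chinese Wall explanation above is easier to follow with the two Brewer-Nash rules written out as code. The following is an added illustration, not code from the exam page or from Brewer and Nash: the document names, company datasets, conflict-of-interest classes and the subjects "alice" and "bob" are all constructed for the walk-through. The simple security rule denies a read once the subject has already read a competitor in the same conflict-of-interest class; the *-property additionally blocks writes that could carry one company's data into another's dataset, which is why a subject who has read two unrelated companies can no longer write to either.

```python
"""Brewer-Nash (Chinese Wall) access decisions: an added, hypothetical
illustration, not code from the exam page or from Brewer and Nash."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Document:
    name: str
    company: str            # company dataset the document belongs to
    coi_class: str          # conflict-of-interest class, e.g. "banks"
    sanitized: bool = False  # public or anonymised data sits outside the wall


class ChineseWall:
    """Tracks what each subject has read and enforces the two Brewer-Nash rules."""

    def __init__(self) -> None:
        # subject -> set of (coi_class, company) pairs read so far (unsanitized only)
        self._history: dict[str, set[tuple[str, str]]] = {}

    def can_read(self, subject: str, doc: Document) -> bool:
        """Simple security rule: a subject may read a document unless it has
        already read a *different* company in the same conflict-of-interest class."""
        if doc.sanitized:
            return True
        return all(
            coi != doc.coi_class or company == doc.company
            for coi, company in self._history.get(subject, set())
        )

    def read(self, subject: str, doc: Document) -> None:
        """Perform a read and record it, so later decisions see the history."""
        if not self.can_read(subject, doc):
            raise PermissionError(
                f"{subject} may not read {doc.name}: conflict in class {doc.coi_class!r}"
            )
        if not doc.sanitized:
            self._history.setdefault(subject, set()).add((doc.coi_class, doc.company))

    def can_write(self, subject: str, doc: Document) -> bool:
        """*-property: writing is allowed only if the subject can read the target and
        every unsanitized document it has read belongs to the same company dataset,
        so information cannot leak across the wall through a write."""
        if not self.can_read(subject, doc):
            return False
        return all(
            company == doc.company for _, company in self._history.get(subject, set())
        )


def run_scenario() -> dict[str, bool]:
    """Constructed walk-through: two competing banks, one oil company, one public report."""
    bank_a = Document("bankA-q3-forecast", "BankA", "banks")
    bank_b = Document("bankB-loan-book", "BankB", "banks")
    oil_x = Document("OilX-reserves", "OilX", "oil")
    market = Document("sector-report", "analyst-house", "banks", sanitized=True)
    wall = ChineseWall()
    results: dict[str, bool] = {}

    wall.read("alice", bank_a)
    results["alice_reads_bankB_after_bankA"] = wall.can_read("alice", bank_b)  # denied
    results["alice_reads_sanitized_report"] = wall.can_read("alice", market)    # allowed
    results["alice_reads_oilX"] = wall.can_read("alice", oil_x)                 # allowed
    results["alice_writes_bankA_before_oil"] = wall.can_write("alice", bank_a)  # allowed
    wall.read("alice", oil_x)
    results["alice_writes_bankA_after_oil"] = wall.can_write("alice", bank_a)   # denied
    results["bob_reads_bankB"] = wall.can_read("bob", bank_b)                   # allowed
    return results


if __name__ == "__main__":
    for check, allowed in run_scenario().items():
        print(f"{check:34} {'allowed' if allowed else 'denied'}")
```

Note that the wall is built from each subject's access history rather than from static labels, which is what distinguishes Brewer-Nash from Bell-La Padula and Biba: the same document can be readable for one analyst and forbidden for another depending only on what each has already seen.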