1. Name: Class: Date:
Chapter 08 - Security Management Models
Copyright Cengage Learning. Powered by Cognero. Page 1
1. A security blueprint is the outline of the more thorough security framework.
a. True
b. False
ANSWER: True
2. Separation of duties is the principle by which members of the organization can access the minimum amount of
information for the minimum amount of time necessary to perform their required duties.
a. True
b. False
ANSWER: False
3. Lattice-based access control specifies the level of access each subject has to each object, if any.
a. True
b. False
ANSWER: True
4. Under the Clark-Wilson model, internal consistency means that the system is consistent with similar data in the outside
world.
a. True
b. False
ANSWER: False
5. Information Technology Infrastructure Library provides guidance in the development and implementation of an
organizational InfoSec governance structure.
a. True
b. False
ANSWER: False
6. In information security, a framework or security model customized to an organization, including implementation details,
is known as a floorplan. _____________
ANSWER: False - blueprint
7. The information security principle that requires significant tasks to be split up so that more than one individual is
required to complete them is called isolation of duties. ____________
ANSWER: False - separation
8. In information security, a specification of a model to be followed during the design, selection, and initial and ongoing
implementation of all subsequent security controls is known as a blueprint. ____________
ANSWER: False - framework
9. A security monitor is a conceptual piece of the system within the trusted computer base that manages access controls—
in other words, it mediates all access to objects by subjects. ____________
ANSWER: False - reference
10. The Information Technology Infrastructure Library (ITIL) is a collection of policies and practices for managing the
development and operation of IT infrastructures. ____________
ANSWER: False - methods
11. A person's security clearance is a personnel security structure in which each user of an information asset is assigned an
authorization level that identifies the level of classified information he or she is cleared to access. ____________
ANSWER: True
12. Dumpster delving is an information attack that involves searching through a target organization’s trash and recycling
bins for sensitive information. ____________
ANSWER: False - diving
13. In a lattice-based access control, a restriction table is the row of attributes associated with a particular subject (such as
a user). ____________
ANSWER: False - capabilities
14. The principle of limiting users’ access privileges to the specific information required to perform their assigned tasks is
known as need-to-know. ____________
ANSWER: True
15. The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform
only the minimum data manipulation necessary is known as minimal privilege. ____________
ANSWER: False - least
16. Which of the following is a generic blueprint offered by a service organization which must be flexible, scalable,
robust, and detailed?
a. framework b. security model
c. security standard d. both A & B are correct
ANSWER: d
17. Which access control principle specifies that no unnecessary access to data exists by regulating members so they can
perform only the minimum data manipulation necessary?
a. need-to-know b. eyes only
c. least privilege d. separation of duties
ANSWER: c
18. Which access control principle limits a user’s access to the specific information required to perform the currently
assigned task?
a. need-to-know b. eyes only
c. least privilege d. separation of duties
ANSWER: a
19. Which of the following specifies the authorization classification of information asset an individual user is permitted to
access, subject to the need-to-know principle?
a. Discretionary access controls b. Task-based access controls
c. Security clearances d. Sensitivity levels
ANSWER: c
20. Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the
following?
a. preventative b. deterrent
c. corrective d. compensating
ANSWER: c
21. Which of the following is NOT a category of access control?
a. preventative b. mitigating
c. deterrent d. compensating
ANSWER: b
22. Which control category discourages an incipient incident?
a. preventative b. deterrent
c. remitting d. compensating
ANSWER: b
23. Which of the following is NOT one of the three levels in the U.S. military data classification scheme for National
Security Information?
a. confidential b. secret
c. top secret d. for official use only
ANSWER: d
24. Which type of access controls can be role-based or task-based?
a. constrained b. content-dependent
c. nondiscretionary d. discretionary
ANSWER: c
25. Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is
referred to as which of the following?
a. access control list b. capabilities table
c. access matrix d. sensitivity level
ANSWER: a
26. In which form of access control is access to a specific set of information contingent on its subject matter?
a. content-dependent access controls b. constrained user interfaces
c. temporal isolation d. None of these
ANSWER: a
27. A time-release safe is an example of which type of access control?
a. content-dependent b. constrained user interface
c. temporal isolation d. nondiscretionary
ANSWER: c
28. Which security architecture model is part of a larger series of standards collectively referred to as the “Rainbow
Series”?
a. Bell-LaPadula b. TCSEC
c. ITSEC d. Common Criteria
ANSWER: b
29. Which piece of the Trusted Computing Base's security system manages access controls?
a. trusted computing base b. reference monitor
c. covert channel d. verification module
ANSWER: b
30. Under the Common Criteria, which term describes the user-generated specifications for security requirements?
a. Target of Evaluation (ToE)
b. Protection Profile (PP)
c. Security Target (ST)
d. Security Functional Requirements (SFRs)
ANSWER: b
31. Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than
lower ones?
a. Clark-Wilson b. Bell-LaPadula
c. Common Criteria d. Biba
ANSWER: d
32. Which of the following is NOT a change control principle of the Clark-Wilson model?
a. No changes by unauthorized subjects
b. No unauthorized changes by authorized subjects
c. No changes by authorized subjects without external validation
d. The maintenance of internal and external consistency
ANSWER: c
33. Which of the following is the primary purpose of ISO/IEC 27001:2005?
a. Use within an organization to formulate security requirements and objectives
b. Implementation of business-enabling information security
c. Use within an organization to ensure compliance with laws and regulations
d. To enable organizations that adopt it to obtain certification
ANSWER: d
34. Which of the following provides advice about the implementation of sound controls and control objectives for
InfoSec, and was created by ISACA and the IT Governance Institute?
a. COBIT b. COSO
c. NIST d. ISO
ANSWER: a
35. The COSO framework is built on five interrelated components. Which of the following is NOT one of them?
a. Control environment b. Risk assessment
c. Control activities d. InfoSec Governance
ANSWER: d
36. To design a security program, an organization can use a(n) ____________________, which is a generic outline of the
more thorough and organization-specific blueprint offered by a service organization.
ANSWER: security model
37. ISO/IEC 27001 provides implementation details on how to implement ISO/IEC 27002 and how to set up a(n)
____________________.
ANSWER: information security management systems
ISMS
38. The ____________________ principle is based on the requirement that people are not allowed to view data simply
because it falls within their level of clearance.
ANSWER: need to know
need-to-know
39. ____________________ channels are unauthorized or unintended methods of communications hidden inside a
computer system, and include storage and timing channels.
ANSWER: Covert
40. In the COSO framework, ___________ activities include those policies and procedures that support management
directives.
ANSWER: control
41. Access controls are built on three key principles. List and briefly define them.
ANSWER: Least privilege: The principle by which members of the organization can access the minimum amount of
information for the minimum amount of time necessary to perform their required duties.
Need-to-know: Limits a user’s access to the specific information required to perform the currently assigned
task, and not merely to the category of data required for a general work function.
Separation of duties: A control requiring that significant tasks be split up in such a way that more than one
individual is responsible for their completion.
42. There are seven access control methodologies categorized by their inherent characteristics. List and briefly define
them.
ANSWER:
• Directive—Employs administrative controls such as policy and training designed to
proscribe certain user behavior in the organization
• Deterrent—Discourages or deters an incipient incident; an example would be signs that
indicate video monitoring
• Preventative—Helps an organization avoid an incident; an example would be the
requirement for strong authentication in access controls
• Detective—Detects or identifies an incident or threat when it occurs; for example,
anti-malware software
• Corrective—Remedies a circumstance or mitigates damage done during an incident;
for example, changes to a firewall to block the recurrence of a diagnosed attack
• Recovery—Restores operating conditions back to normal; for example, data backup
and recovery software
• Compensating—Resolves shortcomings; such as requiring the use of encryption for
transmission of classified data over unsecured networks
43. Lattice-based access controls use a two-dimensional matrix to assign authorizations. What are the two dimensions, and
what are they called?
ANSWER: Lattice-based access control specifies the level of access each subject has to each object, if any. With this type
of control, the column of attributes associated with a particular object (such as a printer) is referred to as an
access control list (ACL). The row of attributes associated with a particular subject (such as a user) is referred
to as a capabilities table.
44. What are the two primary access modes of the Bell-LaPadula model and what do they restrict?
ANSWER: BLP access modes can be one of two types: simple security and the * (star) property.
Simple security (also called the read property) prohibits a subject of lower clearance from reading an object of
higher classification, but allows a subject with a higher clearance level to read an object at a lower level (no
read up).
The * property (the write property), on the other hand, prohibits a high-level subject from sending messages to
a lower-level object. In short, subjects can read down and objects can write or append up (no write down).
45. What are the five principles that are focused on the governance and management of IT as specified by COBIT 5?
ANSWER: Principle 1: Meeting Stakeholder Needs
Principle 2: Covering the Enterprise End-to-End
Principle 3: Applying a Single, Integrated Framework
Principle 4: Enabling a Holistic Approach
Principle 5: Separating Governance From Management
46. According to COSO, internal control is a process designed to provide reasonable assurance regarding the achievement
of objectives in what three categories?
ANSWER: Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
47. One approach to categorizing access control methodologies groups controls by their operational impact on the
organization. What are these categories as described by NIST?
ANSWER: Management
Operational (or administrative)
Technical
48. What is the data classification for information deemed to be National Security Information for the U.S. military as
specified in 2009 in Executive Order 13526?
ANSWER:
For most information, the U.S. military uses a three-level classification scheme for information deemed to be
National Security Information (NSI), as defined in Executive Order 12958 in 1995 and Executive Order 13526
in 2009. Here are the classifications along with descriptions from the document (Sec. 1.2. Classification
Levels. (a) Information may be classified at one of the following three levels):
1) “Top Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected
to cause exceptionally grave damage to the national security that the original classification authority is able to
identify or describe.
2) “Secret” shall be applied to information, the unauthorized disclosure of which reasonably could be expected to
cause serious damage to the national security that the original classification authority is able to identify or
describe.
3) “Confidential” shall be applied to information, the unauthorized disclosure of which reasonably could be expected
to cause damage to the national security that the original classification authority is able to identify or describe.
49. When copies of classified information are no longer valuable or too many copies exist, what steps should be taken to
destroy them properly? Why?
ANSWER: When copies of classified information are no longer valuable or too many copies exist, care should be taken to
destroy them properly, usually after double signature verification. Documents should be destroyed by means
of shredding, burning, or transfer to a service offering authorized document destruction. Policy should ensure
that no classified information is inappropriately disposed of in trash or recycling areas. Otherwise, people who
engage in dumpster diving, the retrieval of information from refuse or recycling bins, may compromise the
security of the organization’s information assets.
50. Under what circumstances should access controls be centralized vs. decentralized?
ANSWER: One area of discussion among practitioners is whether access controls should be centralized or decentralized.
A collection of users with access to the same data typically has a centralized access control authority, even
under a DAC model. The level of centralization appropriate to a given situation varies by organization and the
type of information protected. The less critical the protected information, the more controls tend to be
decentralized. When critical information assets are being protected, the use of a highly centralized access
control toolset is indicated.
a. blueprint
b. DAC
c. content-dependent access controls
d. rule-based access controls
e. separation of duties
f. sensitivity levels
g. storage channels
h. task-based controls
i. timing channels
j. TCB
51. Controls access to a specific set of information based on its content.
ANSWER: c
52. A TCSEC-defined covert channel, which transmits information by managing the relative timing of events.
ANSWER: i
53. Ratings of the security level for a specified collection of information (or user) within a mandatory access control
scheme.
ANSWER: f
54. A framework or security model customized to an organization, including implementation details.
ANSWER: a
55. A form of nondiscretionary control where access is determined based on the tasks assigned to a specified user.
ANSWER: h
56. Within TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.
ANSWER: j
57. Requires that significant tasks be split up in such a way that more than one individual is responsible for their
completion.
ANSWER: e
58. Controls implemented at the discretion or option of the data user.
ANSWER: b
59. One of the TCSEC’s covert channels, which communicate by modifying a stored object.
ANSWER: g
60. Access is granted based on a set of rules specified by the central authority.
ANSWER: d