Which of the following is not a type of security control?
Directive Controls
Effective Controls
Preventive Controls
Corrective Controls
FIPS Publication 199 requires agencies to categorize their information system as
Low-impact
Medium-impact
High-impact
All of the above
Based on FIPS PUB 200, the minimum security requirements cover ----------- security-related areas with regard to protecting the confidentiality, integrity, and availability of federal information systems and the information processed, stored, and transmitted by those systems
17
3
12
5
Federal agencies will have up to ----------- year(s) from the date of final NIST Special Publication 800-53 to fully comply with the changes but are encouraged to initiate compliance activities immediately.
Four
Three
Two
One
Security awareness
Is the same as professional education
Is the same as background checks and verifying education
Makes it easy to find out who is a security risk
Begins the first day of employment
Based on NIST Special Publication 800-30, integration of risk management into the SDLC consists of ------------ phases
10
5
3
6
Based on NIST Special Publication 800-30, the risk assessment methodology encompasses -------- primary steps
A. Five
B. Eight
C. Nine
D. Two
Based on NIST Special Publication 800-30, the control categories for both technical and nontechnical control methods can be further classified as:
A. Preventive and detective
B. Preventive and defensive
C. Defensive and detective
D. Preventive and supportive
Which of the following is not a risk mitigation method?
A. Risk Assumption
B. Risk avoidance
C. Risk study
D. Risk limitation
The risk assessment process is usually repeated at least every ------ years for federal agencies, as mandated by OMB Circular A-130
Six
Five
Four
Three
Based on the MITRE Corporation's Trusted Systems Concepts, a combination of hardware, software, and firmware that implements the Reference Monitor concept is called
Assurance system
Reference validation mechanism
Trusted computing systems
Trusted computing mechanism
The Biba model was developed to protect which of the following?
Availability
Integrity
Confidentiality
Access control
The Bell-LaPadula model was developed to protect which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Access Control
Which model is concerned with who is authorized to give access to files and folders to other users?
A. Clark-Wilson
B. Bell-LaPadula
C. Biba
D. Take-Grant