Security awareness
A. Is the same as professional education
B. Is the same as background checks and verifying education
C. Makes it easy to find out who is a security risk
D. Begins the first day of employment
Based on NIST Special Publication 800-30, the integration of risk management into the SDLC consists of ------------ phases
A. 10
B. 5
C. 3
D. 6
Based on NIST Special Publication 800-30, the risk assessment methodology encompasses -------- primary steps
A. Five
B. Eight
C. Nine
D. Two
Based on NIST Special Publication 800-30, the control categories for both technical and nontechnical control methods can be further classified as:
A. Preventive and detective
B. Preventive and defensive
C. Defensive and detective
D. Preventive and supportive
Which of the following is not a risk mitigation method?
A. Risk Assumption
B. Risk avoidance
C. Risk study
D. Risk limitation
The risk assessment process is usually repeated at least every ------ years for federal agencies, as mandated by OMB Circular A-130
A. Six
B. Five
C. Four
D. Three
Based on the MITRE Corporation’s Trusted Systems Concepts, a combination of hardware, software, and firmware that implements the Reference Monitor concept is called
A. Assurance system
B. Reference validation mechanism
C. Trusted computing systems
D. Trusted computing mechanism
The Biba model was developed to protect which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Access control
The Bell-LaPadula model was developed to protect which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Access Control
Which model is concerned with who is authorized to give access to files and folders to other users?
A. Clark-Wilson
B. Bell-LaPadula
C. Biba
D. Take-Grant