5. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is, A. accountability B. authenticity C. privacy D. integrity _ attacks attempt to alter system resources or affect their operation. A. Active B. Release of message content C. Passive D. Traffic analysis 7. A takes place when one entity pretends to be a different entity. A. passive attack B. masquerade C. modification of message D. replay 8. X.800 defines communicating open systems and that ensures adequate security of the systems or of data transfers. _as a service that is provided by a protocol layer of A. replay B. integrity C. authenticity D. security service is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB. A. ITU-T B. ISO C. FIPS D. ISOC 9.

5. The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity is, A. accountability B. authenticity C. privacy D. integrity _ attacks attempt to alter system resources or affect their operation. A. Active B. Release of message content C. Passive D. Traffic analysis 7. A takes place when one entity pretends to be a different entity. A. passive attack B. masquerade C. modification of message D. replay 8. X.800 defines communicating open systems and that ensures adequate security of the systems or of data transfers. _as a service that is provided by a protocol layer of A. replay B. integrity C. authenticity D. security service is a professional membership society with worldwide organizational and individual membership that provides leadership in addressing issues that confront the future of the Internet and is the organization home for the groups responsible for Internet infrastructure standards, including the IETF and the IAB. A. ITU-T B. ISO C. FIPS D. ISOC 9.

Principles of Information Security (MindTap Course List)

6th Edition

ISBN:9781337102063

Author:Michael E. Whitman, Herbert J. Mattord

Publisher:Michael E. Whitman, Herbert J. Mattord

Chapter4: Planning For Security

Section: Chapter Questions

Problem 3E

See similar textbooks

Similar questions

Which is the MOST important to enable a timely response to a security breach? A. Knowledge sharing and collaboration B. Security event logging C. Roles and responsibilities D. Forensic analysis Correct Answer: B???? or C????? ______________________ Note ■ The official answer (could be incorrect because NO comes from ISACA!) is: "B. Security event logging". ■ Other experts claim that the correct answer is: "C. Roles and responsibilities". ■ This question, in my opinion, is unclear because:• B. Security event logging = is the correct answer if the context requested by the question is at an operational level, then SIEM, in this case, is very useful in fact thanks to SIEM the response to the incident at the operational level will be more efficient• C. Roles and responsibilities = is the correct answer if the context to which the question refers is the incident response plan (IRP), then it is evident that having an IRP that clarifies "who does what" (roles and responsibilities) then the…
The following assets should be examined and assigned a level of effect ranging from low to moderate to high depending on the degree of secrecy and integrity lost, as well as availability lost. Justify your responses to a. This is an organization that manages public information on its website server. an investigational information management organization that deals with highly sensitive investigative material.c. A financial entity that manages regular administrative information (not information pertaining to personal privacy).
Assuming that we had to place our current Yoga application into production, with the addition of the firewall we installed identity three(3) significant and distinct areas for which our application and its environment is still vulnerable, and list some possible ways we would need to protect those vulnerabilities? Be sure to be specific, thorough, and use critical thinking. Imagine this is for your boos, and your job depends on it, but keep it limited to just three paragraphs. Each paragraph should clearly list a vulnerability and at least one mitigation for each. Expected length: 3 well-formed but concise paragraphs.
Select one of the four cybersecurity risk scenarios, (i.e., 1) Malware, 2) Identify Theft, 3) Ransomware, or 4) Business Email Compromise. Identify 5 controls from the list below that could used in a layered or "defense in depth" strategy. Anti-virus software Anti-malware Authentication Multifactor Authentication File Back Ups or cloud storage Password Manager app Credit Freeze Encryption File Integrity Monitoring Firewall Identification Authentication Identity Theft Protection or Insurance Intrusion Detection/Alerts Password Policies (e.g., password strength and rotation) Redundancy Risk Assessment Software Patching/Patch Management system Spam Filter App permissions Anti-phishing training program System Logging VPN software Physical security Screen locking of device WiFi security Step 2 Define each of the 5 selected security measures, identify whether it is a preventative, detective, or corrective measure, and justify your selection of control measures. Fill in the table…
Q(6) Hi there, Please answer all the two multiple choice questions. No written explanation needed for all the questions. Thank you in advance. [31] A security administrator is responsible for performing periodic reviews of user permission settings due to high turnover and internal transfers at a corporation Which of the following BEST describes the procedure and security rationale for performing such reviews? A. Review all user permissions and group memberships to ensure only the minimum set of permissions required to perform a job is assigned. B. Review the permissions of all transferred users to ensure new permissions are granted so the employee can work. C. Ensure all users have adequate permissions and appropriate group memberships, so the volume of help desk calls is reduced. D. Ensure former employee accounts have no permissions so that they cannot access any network file stores and resources. [32] A security manager requires fencing around the perimeter, and cipher locks on…
Q(2) Hi there, Please answer all the five multiple choice questions. No written explanation needed for all the questions. Thank you in advance. [6] Which of the following risk mitigation strategies will allow Ann, a security analyst, to enforce least privilege principles? A User rights reviews B. Incident management C. Risk based controls D. Annual loss expectancy [7] A forensic analyst is reviewing electronic evidence after a robbery. Security cameras installed at the site were facing the wrong direction to capture the incident. The analyst ensures the cameras are turned to face the proper direction. Which of the following types of controls is being used? A. Detective B. Deterrent C. Corrective D. Preventive [8] A company that purchased an HVAC system for the datacenter is MOST concerned with which of the following? A. Availability B. Integrity C. Confidentiality D. Fire…
Please answer all the three choosing the answer option. Thanks a lot in advance. 4. _____________ It is a system of security tools that is used to recognize and identify data that is critical to the organization and that it is protected. a) Data loss Prevention b)Nework Access Control c) Communication on a VLAN d) Air Gap 60) __________________ Anomaly recognition usually causes more false positives than signature based IDs. Answer: True or False 51) Which of the following is correct about security and Information Event Management SIEM? a) SIEM can be separate device b) SIEM can be a software that runs on a computer c) SIEM can be a service that is providing by a third party d) all 53) ___________System Restore is available to backup system and application files. Answer : True or False
Task 1: Provide 5 reasons why general software updates and patches are important. Explain your answer Task 2: Is there a difference between a data breach and a privacy breach? Explain your answer. Task 3: your book talked about security issues with car automation. Why would that be of any concern for information security professionals? Task 4: we discussed Transitive Trust. And we covered so many different types of attacks. Do you think that there may be an attack on Trust? Explain your answer.
Select ONE of the FOUR cybersecurityl scenrios, i,e., 1) MALWARE, 2) IDENTIFY THEFT, 3) RANSOM WARE, OR 4) BUSINESS EMAIL COMPROMISE. (I choose e-mail compromise). Identify 5 CONTROLS from the list below that could used in a layered or "defense in depth" strategy. Anti-virus software Anti-malware software Multifactor Authentication File Back Ups or small cloud storage Password Manager app Credit Freeze Encyrption File Integrity Monitoring Firewall Identification Authentication Identity Theft Protection or Insurance Intrusion Detection/Alerts Password Policies (e.g., password strenthgs and rotation) Redundancy Risk Assessment Software Patching/Patch Management system Spam Filter App permissions Anti-phising training program System logging VPN software Physical security Screen locking of device WiFi securtiy Step 2 DEFINE EACH OF THE 5 SELECTED SECURITY MEASURES IDENTIFY WHETHER IT IS A PREVENTATIVE, DETECTIVE or CORRECTIVE MEASURE, and JUSTIFY YOUR SELECTION OF CONTROL MEASURES.…
Research one instance of a security breach that occurred for each of the best practices of access control (separation of duties, job rotation, least privilege, and implicit deny). Write a short summary of the breach. Rank the four best practices from most effective to the least. Why did you rank them this way?
A company sells products through its webpage. An attacker finds a way to inject commands into their website and retrieve information. The company stores its data unencrypted and uses a weak password for the main server. The company lost major customers’ information due to a hacking incident. From the above scenario, A. Which CIA security model elements were affected in this scenario? a.Define and identify the threat, vulnerability, and impact in this scenario? b.Suggestsome security controls, at least 3, that can be used to secure the system.
Describe a recent access control or authentication-related security lapse that has received media attention. What type of impacts did it have on the business's operations? What precise losses has the company accumulated?