Assignment Instructions
Part 1: Using Credible Sources, Justify Your Answers to Questions
Answer the following 12 questions by selecting the one best answer for each. Cite your course texts, or other credible source, and provide a 50- to 100-word explanation of why you chose your answer for each question.
1. Which statement is true of the dedicated security mode?
   - All users have the clearance and formal approval required to access all the data.
   - Some users have the clearance and formal approval required to access all the data.
   - All users have the clearance and formal approval required to access some of the data.
2. Which statement is true of a multilevel security mode?
   - The multilevel security mode involves the use of sensitivity labels.
   - The multilevel security mode is based on role-based memberships.
   - The multilevel security mode is represented by the Chinese Wall model.
3. Which processes define the supervisor mode?
   - Processes with no protection mechanism.
   - Processes that are executed in the outer protection rings.
   - Processes that are executed in the inner protection rings.
4. What happens when a trusted computing base (TCB) failure occurs as a result of a lower-privileged process trying to access restricted memory segments?
   - The system reboots immediately.
   - The system goes into maintenance mode.
   - Administrator intervention is required.
5. Which statement is true of covert channels?
   - A covert channel is addressed by a C2 rating provided by TCSEC.
   - A covert channel is not controlled by a security mechanism.
   - A covert channel acts as a trusted path for authorized communication.
6. What type of channel is used when one process writes data to a hard drive and another process reads it?
   - Covert timing channel
   - Covert storage channel
   - Overt timing channel
7. What is another name for an asynchronous attack?
   - Buffer overflow
   - Maintenance hook
   - Time-of-check/time-of-use (TOC/TOU) attack
8. What is meant by the term "fail safe"?
   - A system's ability to recover automatically through a reboot
   - A system's ability to preserve a secure state before and after failure
   - A system's ability to terminate processes when a failure is identified
9. Which term is an evaluation of security components and their compliance prior to formal acceptance?
   - Accreditation
   - Security control
   - Certification
10. There are several types of audits used in various situations that you might encounter in the enterprise. Which type of audit would include audits in support of SOX, HIPAA, or SAS 70?
    - Compliance audits
    - Forensic audits
    - Operational audits
11. Which of the following statements correctly describes qualitative risk analysis methods?
    - Qualitative analysis is based on categories such as low, medium, or high.
    - Qualitative risk analysis uses value at risk.
    - Qualitative analysis is based on calculations.
12. Which of the following statements best describes an attribute of an effective risk management strategy?
    - Risk awareness communication may not be required at each step of the risk management process.
    - Effective risk management activities should not be supported on an ongoing basis by all the members of the organization.
    - Risk management strategy must be an integrated business process with defined objectives that incorporates all of the organization's risk management processes.
Assignment Requirements
Answers must contain enough information to adequately answer each question and must contain no spelling, grammar, or APA errors. For more information on APA style formatting, refer to the resources in the Academic Tools area of this course.