Cybersecurity Quiz: Risk Management, Models, and Controls

Verified

Added on 2019/09/22

AI Summary

This cybersecurity quiz assesses understanding of various concepts in cybersecurity risk management. The quiz covers topics such as the three-tiered approach to DCMA cybersecurity risk management, security controls, and information assurance. Questions test knowledge on security principles, including the CIA triad, security models like Bell-LaPadula and Biba, and risk analysis processes. Additional topics include security policies, operating system functions, and the Trusted Computing Base (TCB). The quiz includes true/false questions, multiple-choice questions, and questions related to security models and frameworks. The questions cover fundamental concepts of cybersecurity, including risk management, security controls, and security models.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

1. There is a three tiered approach to Defense Contract Management Agency (DCMA) cybersecurity risk
management. TRUE
2. There is no one correct set of security controls that address es all organizational security concerns in all
situations. FALSE
3. Masquerading or spoofing, an impersonation of one entity by another is a form of both deception and
usurpation. TRUE
4. Availability assures that systems work promptly and service is not denied to authorize users. TRUE
5. Information Assurance (IA) and Information Security refer to the same issue and are used
interchangeably. FALSE
6. The more critical a component or service, the higher the level of availability required. TRUE
7. Which of the following is not part of SNIA’s Common Security Frameworks?
A. Federal Financial Institutions Examination Council (FFIEC)
B. National Institute of Standards and Technology (NIST), Recommended Security Controls for Federal
Information Systems (Special Publication 800-53)
C. Trusted Computer System Evaluation Criteria (Orange Book)
D. IT Governance Institute (ITGI), Control Objectives for Information and related Technology (COBIT)
Version 4.1
8. SNIA’s Security Paradigm consist of ------------principles.
A. 4
B. 9
C. 10
D. 5
9. Which of the following is not a SNIA’s approach in applying security principles?
A. Security by obscurity strategy
B. The perimeter defense strategy

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

C. Defense in depth strategy
D. Application of technology strategy
10. The weakest link in security is the ---------------.
A. Human element
B. Technology element
C. Implementation element
D. Policy element
11. In the FIPS PUB 200, the minimum security requirements covers-------------
A. Eight security-related areas to protecting the CIA of federal information systems
B. Ten security-related areas to protecting the CIA of federal information systems
C. Seventeen security-related areas to protecting the CIA of federal information systems
D. Fourteen security-related areas to protecting the CIA of federal information systems
12. What is the primary goal of risk management?
A. To produce a 100-percent risk-free environment
B. To guide budgetary decisions
C. To reduce risk to an acceptable level
D. To provide an asset valuation for insurance
13. Vulnerabilities and risks are evaluated based on their threats against which of the following?.
A. One or more of the CIA Triad principles
B. Data usefulness
C. Due care
D. Extent of liability

14. Which of the following is not an element of the risk analysis process?
A. Analyzing an environment for risks
B. Creating a cost/benefit report for safeguards to present to upper management
C. Selecting appropriate safeguards and implementing them
D. Evaluating each risk as to its likelihood of occurring and cost of damage
15. Which of the following would not be considered an asset in a risk analysis?
A. A development process
B. An IT infrastructure
C. A proprietary system resource
D. Users’ personal files
16. What is a trusted computing Base (TCB)?
A. Hosts on your network that support secure transmissions
B. The operating system kernel and device drivers
C. The combination of hardware, software, and controls that work together to enforce a security policy
D. The software and controls that certify a security policy
17. Which of the following statement is true about security policy?
A. It is required by the federal government that every organization must have one
B. It is recommended by the federal government that every organization must have one
C. If an organization does not have a security policy cannot do business with the federal government.
D. Security policy translates, clarifies, communicate management’s position on security as defined in high-
level security principles.
18. Which security model uses security labels to grant access to objects through the use of transformation
procedures
A. Biba

B. Bell-LaPadula
C. Trusted Computer systems
D. Clark-Wilson
19. Establishing security policy, objectives, processes and procedures is part of the ______ step.
A. plan
B. check
C. act
D. none of the above
20. The Biba model was developed to protect which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Access control
21. The Bell-LaPadula model was developed to protect which of the following?
A. Availability
B. Integrity
C. Confidentiality
D. Access Control
22. Which Biba property states that a subject cannot read down?.
A. Discretionary security property
B. Simple security property
C. * (star) integrity property
D. Simple integrity property

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

23. Which model is concerned with who is authorized to give access to file and folders to other users?
A. Clark-Wilson
B. Bell LaPadula
C. Biba
D. Take-Grant
24. Which of the following is not the primary function of the Operating Systems?
A. Process management
B. BIOS management
C. File management
D. IO device management
25. Which European Standard addresses confidentiality, integrity and availability?
A. Information Technology Security Evaluation Criteria (ITSEC)
B. Trusted Computer System Evaluation Criteria (TCSEC)
C. Common Criteria (CC)
D. ISO 17799