What control is based on a specific profile for each user?

Directory based access control.

What Distributed Computing Environment (DCE) component provides a mechanism to ensure that services are made available only to properly designated parties?

Authentication and Control Service

Which of the following is the most reliable authentication device?

Combination of variable and fixed callback system

Which of the following statements pertaining to the Trusted Computer System Evaluation Criteria (TCSEC) is incorrect?

With TCSEC, functionality and assurance are evaluated separately.

Database management systems are not covered by the TCSEC

TCSEC provides a means to evaluate the trustworthiness of an information system

Why would an information security policy require that communications test equipment be controlled?

The equipment can be used to browse information passing on a network

The equipment is susceptible to damage

The equipment must always be available for replacement if necessary

The equipment can be used to reconfigure the network multiplexers

Within the Open Systems Interconnection (OSI) Reference Model, authentication addresses the need for a network entity to verify both

The identity of a remote communicating entity and the authenticity of the source of the data that are received.

The location of a remote communicating entity and the path through which communications are received.

The authenticity of a remote communicating entity and the path through which communications are received.

The identity of a remote communicating entity and the level of security of the path through which data are received.

What is the PRIMARY advantage of using a separate authentication server (e.g., Remote Access Dial-In User System, Terminal Access Controller Access Control System) to authenticate dial-in users?

C. Audit and access information are not kept on the access server

A. Each session has a unique (one-time) password assigned to it

B. Call-back is very difficult to defeat

Single user longons are easier to manage and audit

Which of the following is true regarding a secure access model?

Secure information cannot flow to a less secure user.

Secure information can flow to a less secure user.

Secure information cannot flow to a more secure user.

Which of the following choices is NOT part of a security policy?

Description of specific technologies used in the field of information security

Statement of management intend, supporting the goals and principles of information security

Definition of general and specific responsibilities for information security management

Definition of overall steps of information security and the importance of security

The access matrix model consists of which of the following parts?

A function that returns an objects type.

Which of the following is not a part of risk analysis?

Quantify the impact of potential threats

Provide an economic balance between the impact of the risk and the cost of the associated countermeasures

Memory only cards work based on:

Something you know and something you have.

What should be the size of a Trusted Computer Base?

Small – in order to facilitate the detailed analysis necessary to prove that it meets design requirements.

Large – in order to enable it to protect the potentially large number of resources in a typical commercial system environment.

Large – in order to accommodate the implementation of future updates without incurring the time and expense of recertification.

Small – in order to permit it to be implemented in all critical system components without using excessive resources.

Which of the following are objectives of an information systems security program?

Integrity, confidentiality, and availability

Authenticity, vulnerabilities, and costs

Security, information value, and threats

Threats, vulnerabilities, and risks

Which one of the following are examples of security and controls that would be found in a “trusted” application system?

File integrity routines and audit trail

Correction routines and reliability

Reconciliation routines and data labels

Data validation and reliability

Which of the following are the types of eye scan in use today?

Reflective scans and iris scans.

Retinal scans and reflective scans.

What is an access control model?

A formal description of security policy.

A formal description of access control ID specification.

A formal description of a sensibility label.

All of the following are basic components of a security policy EXCEPT the _____.

statement of performance of characteristics and requirements.

statement of roles and responsibilities

definition of the issue and statement of relevant terms.

statement of applicability and compliance requirements.

Which of the following best explains why computerized information systems frequently fail to meet the needs of users?

Inadequate user participation in defining the system’s requirements

Inadequate quality assurance (QA) tools

IIS Trial Test

Authored by Hiền Đào

Science

University

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

60 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Risk analysis is MOST useful when applied during which phase of the system development process?

Requirements definition

Implementation planning

Project identification

System construction

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Senior Management

Seniors security analysts

System auditors

IS security specialists

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which one of the following describes a covert timing channel?

Provides the timing trigger to activate a malicious program disguised as a legitimate function.

Used by a supervisor to monitor the productivity of a user without their knowledge.

Allows one process to signal information to another by modulating its own use of system resources.

Modulated to carry an unintended information signal that can only be detected by special, sensitive receivers.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is being considered as the most reliable kind of personal identification?

Finger print

Ticket Granting

Password

Token

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the main responsibility of the information owner?

making the determination to decide what level of classification the information requires

periodically checking the validity and accuracy for all data in the information system

running regular backups

audit the users when they require access to the information

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is called the access protection system that limits connections by calling back the number of a previously authorized location?

Sendback forward systems

Callback forward systems

Sendback system

Callback systems

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is called a type of access control where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?

Rule-based access control

Non-discretionary Access Control

Mandatory Access Control

Discretionary Access Control

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

60 questions

Anatomy & Physiology Midterm Review

Quiz

•

University

60 questions

Unit 3 Study Guide

Quiz

•

6th Grade - University

57 questions

DatuBāzesTests

Quiz

•

University

61 questions

7th Grade Semester 2 Final Review

Quiz

•

7th Grade - University

60 questions

F2 SAINS BOOSTER UASA 2025 #CGZANNA

Quiz

•

7th Grade - University

59 questions

Wave Quizzizz

Quiz

•

10th Grade - University

58 questions

SOL Energy Test Review Part 2

Quiz

•

5th Grade - University

65 questions

Modern technologies

Quiz

•

University

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for Science

11 questions

Recitation Week 2

Quiz

•

University

IIS Trial Test

Risk analysis is MOST useful when applied during which phase of the system development process?

Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Which one of the following describes a covert timing channel?

Which of the following is being considered as the most reliable kind of personal identification?

What is the main responsibility of the information owner?

What is called the access protection system that limits connections by calling back the number of a previously authorized location?

What is called a type of access control where a central authority determines what subjects can have access to certain objects, based on the organizational security policy?

What control is based on a specific profile for each user?

Which of the following implements the authorized access relationship between subjects and objects of a system?

What represents the amount of time you hold down in a particular key?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Science