Ciisp Exam

QUESTION DRILL OPERATIONS SECURITY 020504 - Answers

1. Which of the following is not an important aspect of the new employee hiring process?

D: The exit interview is part of the termination process.

2. Which of the following is considered the lowest level of priviledge?

A: Read only is the lowest privilege level.

3. The first step in hiring a new employee is what?

B: The first step in hiring a new employee is the creation of a job description. Without a job description there is no clear understanding of who is needed and the work tasks they will be required to perform.

4. What type of security controls are used to encourage compliance with other security controls?

A: Directive or deterrent controls are used to encourage compliance with other security controls.

5. The Orange Book defines two types of assurance. Which of the following are they?

B: The Orange book defines Operational and Life Cycle assurance.

6. Operations security is primarily concerned with?

A: Operations security is primarily concerned with protecting assets from threats.

7. The security practice of ensuring that no one individual has complete control or access over a system's security mechanism is known as?

B: The security practice of ensuring that no one individual as complete control or access over a system's security mechanism is known as separation of duties.

8. What is trusted recovery?

C: Trusted recovery is a process that ensures a system's security is not violated when it encounters a failure requiring a restoration.

9. Which of the following is not a safeguard against collusion?

B: Trusted recovery is not a safeguard against collusion. It is a safeguard against failure states encountered by the OS or software which prevents the system from restarting into an insecure state.

10. What is the primary goal of configuration or change management?

C: The primary goal of configuration or change management is...