Points: 2
Answer a. Ensuring that access to assets is authorized and restricted based on business and security requirements
c. Assurance that a claimed characteristic of an entity is correct
Points: 2
2. Multiple Answer: Chance of materialization of threat: Which of
the following terms best des...
Question Which of the following terms best describes the chances that a threat to an information system will materialize?
Answer a. Threat
b. Vulnerability
c. Weakest link
d. Risk
Points: 2
3. Multiple Answer: Common criteria: Which of the following
is/are NOT TRU...
Question Which of the following is/are NOT TRUE about Common Criteria?
Answer a. It ensures that claims about the security attributes of the evaluated product were independently verified
https://ntulearn.ntu.edu.sg/ultra/courses/_2646668_1/cl/outline 1/7
9/5/23, 9:18 AM Content
b. It ensures that a minimal time is required to obtain certification
d. It ensures that the product can be sold in multiple countries
Points: 2
4. Multiple Answer: Corrective controls: Which of the following
is/are correct...
Question Which of the following is/are corrective controls?
Audit
Disaster recovery
Re-training
Replacement
Points: 2
5. Multiple Answer: Defense in Depth: Which of the following
is/are NOT dir...
Question Which of the following is/are NOT directly addressed in the defence in depth doctrine for information security?
Answer a. Three mandatory activities of prevention, detection, and response should be present in a security system
b. Defense in depth should encompass people, technology and operations
c. The aspects of whether information is being stored, communicated or processed should be discerned when designing security.
d. Information access should be based on least privilege, and thus compartmentalization and need to know should be implemented.
e. Security system design should embrace ease of usage as the most important criterion
Points: 2
6. Multiple Answer: IT security requirements: Which of the
following best represent...
Question Which of the following best represents the two types of IT security requirements?
Points: 2
7. Multiple Answer: Information security goals: Which of the
following represents att...
Question Which of the following represents attributes/goals of information security?
b. People controls, process controls, and technology controls
Points: 2
8. Multiple Answer: Need to know: The principle of ‘need to
know’ in in...
Question The principle of ‘need to know’ in information security advocates that each user should have access to only as much information as needed to carry out the tasks they are assigned, and no more (least privilege access). Which of the following is/are potential shortcomings or drawbacks of such an approach to security?
Answer a. It is not always obvious what might be adequate information to carry out a task
b. It may be difficult to assess and grant access in a timely manner so as not to disrupt functionality
c. It violates transparency, and organizations should always disclose all information to every employee
d. It is not feasible to carry out a security audit if need to know is implemented
Points: 2
9. Multiple Answer: Policy:: In the context of information
securit...
Question In the context of information security management systems, which of the following best describes the term ’policy’?
Answer a. Overall intention and direction as formally expressed by management
b. Specification of the way to carry out an activity or a process
d. Activity undertaken to determine the adequacy and effectiveness of the subject matter to achieve established objectives
Points: 2
10. Multiple Answer: Purpose of a control: In the context of
information securit...
Question In the context of information security management systems, which of the following is/are NOT standard classification(s) of the purpose of a control?
Answer a. prevent
b. predict
c. audit
d. detect
Points: 2
11. Multiple Answer: Risk: In the context of information securit...
Question In the context of information security management systems, which of the following best describe(s) the term ’risk’?
non-fulfillment of a requirement
Points: 2
12. Multiple Answer: Security goal assurance: Which of the
following terms best des...
Question Which of the following terms best describes the assurance that data has not been changed unintentionally due to an accident or malice?
Answer a. Utility
b. Availability
c. Control
d. Integrity
Points: 2
13. Multiple Answer: Security requirements: Security functional
requirements desc...
Question Security functional requirements describe which of the following?
Points: 2
14. Multiple Answer: Shortcomings of standards: Why might
adherence to standards be i...
Question Why might adherence to standards be inadequate to meet information security objectives?
Answer a. Standards take a long time to develop and ratify, and may not cover every issue. Thus adherence to standards alone may lead to a false sense of safety (complacency) in an organization.
b. Compliance with standards is expensive, and creates too much bureaucracy.
c. There are too many standards, and one never knows which ones are to be complied with.
d. Standards provide actionable guidelines on what to do, and are actually useful for meeting security objectives.
e. Certification provides assurance and acceptability of the product in the global market
Points: 2
15. Multiple Answer: Weakness in a system: Which of the
following terms best des...
Question Which of the following terms best describes the weakness in a system that may possibly be exploited?
Answer a. Risk
b. Threat
c. Vulnerability
d. Weakest link