merkow_tb_09

merkow_tb_09 - CHAPTER 9: OPERATIONS SECURITY Multiple...

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
CHAPTER 9: OPERATIONS SECURITY Multiple Choice: 1. Which of the following is NOT a resource that operations security identifies the controls for? A. Software B. Hardware C. Media D. All of the above are resources. Answer: D Reference: Introduction Difficulty: moderate 2. A control that makes certain no one person has excessive privileges is: A. Separation of duties B. Principle of least privilege C. Need-to-know D. Individual privilege Answer: A Reference: Operations Security Principles Difficulty: moderate 3. A minimum set of access rights needed to perform a specific job description is: A. Separation of duties B. Need-to-know C. Privileged-controls D. Separation-of-privilege Answer: B Reference: Operations Security Principles Difficulty: moderate 4. Which of the following is NOT a key element of a system of internal and security controls? A. Employ competent people B. Have adequate separation of job duties C. Execute internal and external transactions D. Maintain adequate documents and records
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Answer: C Reference: Operations Security Principles Difficulty: moderate 5. Which of the following is a fundamental reason why separation of duties is important? A. People are an integral part of operations process B. People have shortcomings C. Both A and B D. None of the above Answer: C Reference: Operations Security Principles Difficulty: moderate 6. People engage in fraud, theft, or malicious activities for all of the following reasons except: A. Some financial crises motivates them B. They can justify their actions C. Internal controls are not in place D. All of the above are reasons Answer: D Reference: Operations Security Principles Difficulty: moderate 7. Operations security process controls include all of the following except: A. Personnel security B. Resource protection C. User recovery controls D. Privileged entity controls Answer: C
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/05/2011 for the course IT 6392 taught by Professor Smith during the Spring '10 term at GCSU.

Page1 / 6

merkow_tb_09 - CHAPTER 9: OPERATIONS SECURITY Multiple...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online