This preview shows pages 8–11.

30 Acting with excellence, competence, and diligence is known as
A. Due care
B. Due diligence
C. Due ignorance
D. The Golden Principles
Answer: A
See Chapter 6. Executives and other managers must operate their companies with due care, which includes having adequate Disaster Recovery Planning.

31 An access control system that grants access to information based on that information's classification and the clearance of the individual is known as
A. Identity-based access control
B. Mandatory access control
C. Role-based access control
D. Identity-based access control
Answer: B
See Chapter 4. Mandatory access control is based on the user’s clearance level, the classification of the information, and the user’s need to know.

32 An access control system that grants access to information based on the identity of the user is known as
A. Identity-based access control
B. Mandatory access control
C. Role-based access control
D. Clearance-based access control
Answer: A
See Chapter 4. Identity-based access control is used to grant access to information based on the identity of the person requesting access.

33 An access control system that gives the user some control over who has access to information is known as
A. Identity-based access control
B. User-directed access control
C. Role-based access control
D. Clearance-based access control
Answer: B
See Chapter 4. User-directed access control, a form of discretionary access control, permits the user to grant access to information based on certain limitations.

34 Encryption, tokens, access control lists, and smart cards are known as
A. Discretionary access controls
B. Physical controls
C. Technical controls
D. Administrative controls
Answer: C
See Chapter 4. These are examples of technical, or logical, controls.

35 Supervision, audits, procedures, and assessments are known as
A. Discretionary access controls
B. Safeguards
C. Physical controls
D. Administrative controls
Answer: D
See Chapter 4. Administrative access controls consist of all the policies and procedures that are used to mitigate risk.

36 Security guards, locked doors, and surveillance cameras are known as
A. Site-access controls
B. Safeguards
C. Physical access controls
D. Administrative controls
Answer: C
See Chapter 4. Physical access controls include these controls and others, such as backups, protection of cabling, and card-key access.

37 Role-based access control and task-based access control are examples of
A. Mandatory access controls
B. Administrative controls
C. Discretionary access controls
D. Non-discretionary access controls
Answer: D
See Chapter 4. These controls are known as non-discretionary controls, which match information to roles or tasks, and not to individual users.

38 Audits, background checks, video cameras, and listening devices are known as
A. Discretionary controls
B. Physical controls
C. Preventive controls
D. Detective controls
Answer: D
See Chapter 4. Detective controls are those controls that are designed to detect security events but can't prevent them in the way that preventive controls can.