CISSP TUESDAY QUIZ

Instructor: Nikki Hess

Name: _____________________

Date: _____________________

1. What are the three PRINCIPLES of SECURITY?

a. _____________________

b. _____________________

c. _____________________

2. What are the three types of policies that we are bound to in our security policy?

a. _____________________

b. _____________________

c. _____________________

3. What is the difference between ISO 27001 and ISO 17799/27002?

4. What is the OECD?

5. Explain the difference between the information owner and the data custodian.

6. What are the four ways we can handle risk in the environment?

a. _____________________

b. _____________________

c. _____________________

d. _____________________

7. List the data classifications for military documents in order from most confidential to least.

a. _____________________

b. _____________________

c. _____________________

d. _____________________

e. _____________________

8. What is the Delphi Technique?

9. What is the function of a database role?

10. Explain the difference between Type I errors and Type II errors in biometrics.

11. Which of the biometric devices discussed has the highest accuracy potential?

12. Explain the pros and cons of a password generator.

13. What is a dictionary attack?

14. Strong authentication (also called two-factor authentication) must include two of the following three things:

a. _____________________

b. _____________________

c. _____________________

15. Explain the concept of rotation of duties and why it is so important.

Matching: match each definition in items 16-21 with one of the following terms.

Baselines, Countermeasure, Exposure, Guidelines, Information Warfare, Policies, Procedures, Standards, Security governance, Shoulder Surfing, Social Engineering, Threat, Threat Agent, Vulnerability

16. Mandatory activities, actions or rules that give a policy its support and reinforcement in direction

17. When one person tricks another person into sharing confidential information, such as by posing as someone authorized to have access to that information

18. Recommended actions and operational guides to users, IT staff, operations staff and others

19. An instance of being exposed to losses from a threat agent

20. Detailed step-by-step instructions that should be performed to achieve a goal

21. All of the tools, personnel, and business processes necessary to ensure that the security implemented meets the organization’s specific needs