Nt1310 Final Exam
1. Which of the following statements is true?
a. The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. (Incorrect. The concept of defense-in-depth is based on the idea that, given enough time and resources, any single control, no matter how sophisticated, can be overcome—therefore, the use of redundant, overlapping controls maximizes security.) b. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. (Correct. As Figure 8-2 shows, security is the foundation for achieving the other four components of system reliability.)
c. The time-based model of security can be expressed in the following formula: P < D + C …show more content…
All of the above are true. (Correct. All three statements are true.)
10. Which of the following can organizations use to protect the privacy of a customer’s personal information when giving programmers a realistic data set with which to test a new application?
a. digital signature (Incorrect. A digital signature is used for nonrepudiation. However, because it is an encrypted hash, it cannot be used to test programming logic.)
b. digital watermark (Incorrect. A digital watermark is used to identify proprietary data, but it does not protect privacy.)
c. data loss prevention (Incorrect. Data loss prevention is designed to protect confidentiality by filtering outgoing messages to prevent sensitive data from leaving the company.) d. data masking (Correct. Masking replaces actual values with fake ones, but the result is still the same type of data, which can then be used to test program logic.)
1. Which of the following is a characteristic of auditing?
a. Auditing is a systematic, step-by-step process. (Incorrect. While this is true, it is not the only correct answer.)
b. Auditing involves the collection and review of evidence. (Incorrect. While this is true, it is not the only correct
a. The concept of defense-in-depth reflects the fact that security involves the use of a few sophisticated technical controls. (Incorrect. The concept of defense-in-depth is based on the idea that, given enough time and resources, any single control, no matter how sophisticated, can be overcome—therefore, the use of redundant, overlapping controls maximizes security.) b. Information security is necessary for protecting confidentiality, privacy, integrity of processing, and availability of information resources. (Correct. As Figure 8-2 shows, security is the foundation for achieving the other four components of system reliability.)
c. The time-based model of security can be expressed in the following formula: P < D + C …show more content…
All of the above are true. (Correct. All three statements are true.)
10. Which of the following can organizations use to protect the privacy of a customer’s personal information when giving programmers a realistic data set with which to test a new application?
a. digital signature (Incorrect. A digital signature is used for nonrepudiation. However, because it is an encrypted hash, it cannot be used to test programming logic.)
b. digital watermark (Incorrect. A digital watermark is used to identify proprietary data, but it does not protect privacy.)
c. data loss prevention (Incorrect. Data loss prevention is designed to protect confidentiality by filtering outgoing messages to prevent sensitive data from leaving the company.) d. data masking (Correct. Masking replaces actual values with fake ones, but the result is still the same type of data, which can then be used to test program logic.)
1. Which of the following is a characteristic of auditing?
a. Auditing is a systematic, step-by-step process. (Incorrect. While this is true, it is not the only correct answer.)
b. Auditing involves the collection and review of evidence. (Incorrect. While this is true, it is not the only correct