Every moment, trusted security

QUIZ

1. Which of the following is not a responsibility of a database administrator?
A Maintaining databases
B Implementing access rules to databases
C Reorganizing databases
D Providing access authorization to databases
Answer: D

2. According to governmental data classification levels, how would answers to tests and health care information be classified?
A Confidential
B Sensitive but unclassified
C Private
D Unclassified
Answer: B

3. According to private sector data classification levels, how would salary levels and medical information be classified?
A Confidential
B Public
C Private
D Sensitive
Answer: C

4. Which of the following are steps of a common development process of creating a security policy, standards and procedures?
A design, development, publication, coding, testing
B design, evaluation, approval, publication, implementation
C initial and evaluation, development, approval, publication, implementation, maintenance
D feasibility, development, approval, implementation, integration
Answer: C

5. What is the main purpose of a security policy?
A to transfer the responsibility for the information security to all users of the organization
B to provide detailed steps for performing specific actions
C to provide a common framework for all development activities
D to provide the management direction and support for information security
Answer: D

6. Which of the following department managers would be best suited to oversee the development of an information security policy?
A Security administration
B Human resources
C Business operations
D Information systems
Answer: C

7. Which of the following is not a responsibility of an information owner?
A Running regular backups and periodically testing the validity of the backup data.
B Delegate the responsibility of data protection to data custodians.
C Periodically review the classification assignments against business needs.
D Determine what level of classification the information requires.
Answer: A

8. Which of the following is not a goal of integrity?
A Prevention of the modification of information by unauthorized users.
B Prevention of the unauthorized or unintentional modification of information by authorized users.
C Prevention of the modification of information by authorized users.
D Preservation of the internal and external consistency.
Answer: C

9. Why do many organizations require every employee to take a mandatory vacation of a week or more?
A To lead to greater productivity through a better quality of life for the employee.
B To reduce the opportunity for an employee to commit an improper or illegal act.
C To provide proper cross training for another employee.
D To allow more employees to have a better understanding of the overall system.
Answer: B

10. Which of the following would best relate to resources being used only for intended purposes?
A Availability
B Integrity
C Reliability
D Confidentiality
Answer: A

11. Security of computer-based information systems is which of the following?
A technical issue
B management issue
C training issue
D operational issue
Answer: B

12. Which of the following would be the first step in establishing an information security program?
A Development and implementation of an information security standards manual.
B Development of a security awareness-training program for employees.
C Purchase of security access control software.
D Adoption of a corporate information security policy statement.
Answer: D

13. Which of the following tasks may be performed by the same person in a well-controlled information processing facility/computer center?
A Computer operations and system development
B System development and change management
C System development and systems maintenance
D Security administration and change management
Answer: C

14. Computer security should not:
A Cover all identified risks.
B Be cost-effective.
C Be examined in both monetary and non-monetary terms.
D Be proportionate to the value of IT systems.
Answer: A

15. Which of the following is most concerned with personnel security?
A Management controls
B Human resources controls
C Technical controls
D Operational controls
Answer: D

16. Which of the following is most likely given the responsibility of the maintenance and protection of the data?
A Security administrator
B User
C Data custodian
D Data owner
Answer: C

17. Who is responsible for providing reports to the senior management on the effectiveness of the security controls?
A Information systems security professionals
B Data owners
C Data custodians
D Information systems auditors
Answer: D

18. Risk mitigation and risk reduction controls can be of which of the following types?
A preventive, detective, or corrective
B Administrative, operational or logical
C detective, corrective
D preventive, corrective and administrative
Answer: A

19. Which of the following would best classify as a