Access Control and Identity Management
Security features governing who can access resources in the operating system.
- Which of the following processes does the decomposition and definition sequence of the Vee model include? Each correct answer represents a part of the solution. Choose all that apply.
- You work as a project manager for BlueWell Inc. You and your team are using a method or a (technical) process that conceives the risks even if all theoretically possible safety measures would be applied. One of your team members wants to know what a residual risk is. What will you reply to your team member?
- An asset with a value of $600,000 is subject to a successful malicious attack threat twice a year. The asset has an exposure of 30 percent to the threat. What will be the annualized loss expectancy?
- Which of the following DoD directives defines DITSCAP as the standard C&A process for the Department of Defense?
- Microsoft software security expert Michael Howard defines some heuristics for determining code review in "A Process for Performing Security Code Reviews". Which of the following heuristics increase the application's attack surface? Each correct answer represents a complete solution. Choose all that apply.
- Which of the following statements about the integrity concept of information security management are true? Each correct answer represents a complete solution. Choose three.
- Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?
- Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.
- Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. Which of the following statements are true about Certification and Accreditation? Each correct answer represents a complete solution. Choose two.
- Which of the following methods determines the principal name of the current user and returns the java.security.Principal object in the HttpServletRequest interface?