1. A minimum set of access rights needed to perform a specific job description is: A) Separation of duties B) Need-to-know C) Separation-of-privilege D) Privileged-controls Correct Answer(s): B
2. An organization's security posture is should exist before any computers are inst alled. Select all that are correct! A) guidelines B) sales projections C) procedures D) None of the others are correct E) standards Correct Answer(s): E, A, C
3. ____________ is used to reduce time by grouping users with a common access need. A) ACLD B) RBAC C) MACP D) DACS Correct Answer(s): B
4. Configuration and change management addresses all of the following except: A) Software B) Networking C) Hardware D) Entity users Correct Answer(s): D
5. Redirecting an internet user from a legitimate site to a malicious Web site for the purpose of harvesting user IDs and passwords is referred to as: A) Phishing B) Pharming C) Scamming D) Slamming Correct Answer(s): B
6. 1. An effective security policy contains which of the following information ? Select all correct answers. A) Compliance management and measurements description B) Smart Card Requirements C) Measurement expectations D) Reference to other policies
�Correct Answer(s):
D, C, A
7. Configuration and change management controls: A) Ensure that security is not breached when a system crashes B) Protect company resources and assets C) Involve pre-employment screening and mandatory vacation time D) Identify, control, and audit changes by administrative personnel Correct Answer(s): D
8. A program, disguised as a useful utility, that has hidden and malicious function s is known as: A) Worm B) Virus C) Malware D) Trojan horse Correct Answer(s): D
9. As the software development process matures, who is increasingly responsible for safeguarding applications? A) IT directors B) Security administrators C) Software designers 