Free CSSLP Exam Braindumps

Pass your Certified Information Systems Security Professional exam with these free Questions and Answers

Page 6 of 70
QUESTION 21

Which of the following DoD directives is referred to as the Defense Automation Resources Management Manual?

  1. A. DoD 8910.1
  2. B. DoD 7950.1-M
  3. C. DoDD 8000.1
  4. D. DoD 5200.22-M
  5. E. DoD 5200.1-R

Correct Answer: B
The various DoD directives are as follows:

  1. DoD 5200.1-R: This DoD directive refers to the 'Information Security Program Regulation'.
  2. DoD 5200.22-M: This DoD directive refers to the 'National Industrial Security Program Operating Manual'.
  3. DoD 7950.1-M: This DoD directive refers to the 'Defense Automation Resources Management Manual'.
  4. DoDD 8000.1: This DoD directive refers to the 'Defense Information Management (IM) Program'.
  5. DoD 8910.1: This DoD directive refers to the 'Management and Control of Information Requirements'.

QUESTION 22

Which of the following are the phases of the Certification and Accreditation (C&A) process? Each correct answer represents a complete solution. Choose two.

  1. A. Continuous Monitoring
  2. B. Auditing
  3. C. Detection
  4. D. Initiation

Correct Answer: AD
The Certification and Accreditation (C&A) process consists of four distinct phases:

  1. Initiation
  2. Security Certification
  3. Security Accreditation
  4. Continuous Monitoring

The C&A activities can be applied to an information system at appropriate phases in the system development life cycle by selectively tailoring the various tasks and subtasks. Answers B and C are incorrect. Auditing and detection are not phases of the Certification and Accreditation process.

QUESTION 23

Under which type of access control does a user ID and password system fall?

  1. A. Physical
  2. B. Technical
  3. C. Power
  4. D. Administrative

Correct Answer: B
Technical access controls include IDS systems, encryption, network segmentation, and antivirus controls. Answer D is incorrect. The policies and procedures implemented by an organization come under administrative access controls. Answer A is incorrect. Security guards, locks on the gates, and alarms come under physical access controls. Answer B is incorrect. There is no such type of access control as power control.

QUESTION 24

CORRECT TEXT
Fill in the blank with an appropriate phrase. ________ models address specifications, requirements, design, verification and validation, and maintenance activities.

  1. A. Life cycle

Correct Answer: A
A life cycle model helps to provide an insight into the development process and emphasizes the relationships among the different activities in this process. This model describes a structured approach to the development and adjustment process involved in producing and maintaining systems. The life cycle model addresses specifications, design, requirements, verification and validation, and maintenance activities.

QUESTION 25

Which of the following areas of an information system, as separated by the Information Assurance Framework, is a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy?

  1. A. Local Computing Environments
  2. B. Networks and Infrastructures
  3. C. Supporting Infrastructures
  4. D. Enclave Boundaries

Correct Answer: D
The areas of an information system, as separated by the Information Assurance Framework, are as follows:

  1. Local Computing Environments: This area includes servers, client workstations, operating system, and applications.
  2. Enclave Boundaries: This area consists of a collection of local computing devices, regardless of physical location, that are interconnected via local area networks (LANs) and governed by a single security policy.
  3. Networks and Infrastructures: This area provides the network connectivity between enclaves. It includes operational area networks (OANs), metropolitan area networks (MANs), and campus area networks (CANs).
  4. Supporting Infrastructures: This area provides security services for networks, client workstations, Web servers, operating systems, applications, files, and single-use infrastructure machines.
