CertiGuide to Security+, Chapter 7: Practice Exam Answers


Answers to Questions 86-90

86. Which of the following correctly describe "good" security practice?

A. Accounts should be monitored regularly

B. You should have a procedure in place to verify password strength

C. You should ensure that there are no accounts without passwords

D. No Answer is Correct

Explanation: In many organizations accounts are created and then nobody ever touches those accounts again. This is a very poor security practice. Accounts should be monitored regularly. You should look at unused accounts, and you should have a procedure in place to ensure that departing employees have their rights revoked before they leave the company. You should also have a procedure in place to verify password strength and to ensure that there are no accounts without passwords, as weak passwords and missing passwords are major security vulnerabilities.

See Section 5.5.4: Auditing


87. What is a counter measure to data aggregation?

A. Separation of duties

B. Need to know

C. Job rotation

D. No Answer is Correct

Explanation: Data aggregation occurs when smaller pieces of information are assembled together to provide the "big picture". The risk is that, through data collection techniques, a person who is authorized to have some or much of the information may be able to discern more from it than they should. A good countermeasure is to maintain strong separation of duties and a "need to know" approach. Job rotation can also be beneficial.

See Section 5.4.1.4: Separation of Duties (Security Policy)


88. Separate information, when combined with other information, can establish a larger understanding. This is known as:

A. Data aggregation

B. Data mining

C. Data retention

D. Data archiving

Explanation: Classified information is generally government information and must be protected against unauthorized disclosure. The classifications used to protect this information are generally Top Secret, Secret and Confidential. Sensitive information is often related to military critical technologies that are new or that identify key operational capabilities. Sensitive But Unclassified (SBU), or Sensitive Unclassified Information (SUI), is not government classified per se, but still requires protection. The information may not be of value on its own, but when combined with other information it can establish a larger understanding (data aggregation).

Data mining is the process of gathering the information. Data retention and archiving involve keeping data around (so that it is subject to data mining, and thus may eventually be used for data aggregation reconnaissance techniques).

See Section 5.4.1.4: Separation of Duties (Security Policy)


89. With Qualitative Risk Analysis, which of the following are involved?

A. Development of a scenario

B. Working through of a scenario

C. Non-numeric factors

D. No Answer is Correct

Explanation: Qualitative Risk Analysis does not attempt to assign numeric values to the components of the analysis. Rather, it is scenario oriented: it identifies the types of problems that can occur, develops a scenario, works through the scenario to determine the outcome, and then ranks the seriousness of the threat and the sensitivity of the assets.

See Section 5.7.2: Risk Assessment


90. With the concept of due care, an organization may not be held fully responsible should the organization be able to demonstrate that it used:

A. The most cost effective measures

B. The most expensive measures

C. Controls and practices that are generally used

D. The IEEE approved protocols

Explanation: The approach of due care is an important one. Even if the organization is caught up in a problem, it may not be held fully responsible or liable if it can demonstrate that it took appropriate precautions and used controls and practices that are generally used.

See Section 5.4.1.2: Due Care (Security Policy)



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.