Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented and whether the derived security solutions are adequate?
A. Data custodian
B. Auditor
C. User
D. Data owner
Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.
A. If you don't know the threat, how do you know what to protect?
B. If you don't know what to protect, how do you know you are protecting it?
C. If you are not protecting it (the critical and sensitive information), the adversary wins!
D. If you don't know about your security resources, you cannot protect your network.
Which of the following models uses a directed graph to specify the rights that a subject can transfer to an object or that a subject can take from another subject?
A. Take-Grant Protection Model
B. Bell-LaPadula Model
C. Biba Integrity Model
D. Access Matrix
Which of the following relies on a physical characteristic of the user to verify his identity?
A. Social Engineering
B. Kerberos v5
C. Biometrics
D. CHAP
Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.
A. Data downloading from the Internet
B. File and object access
C. Network logons and logoffs
D. Printer access
What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.
A. Troubleshooting
B. Investigation
C. Upgradation
D. Backup
A contract cannot have provisions for which one of the following?
A. Subcontracting the work
B. Penalties and fines for disclosure of intellectual rights
C. A deadline for the completion of the work
D. Illegal activities
Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?
A. The Configuration Manager
B. The Supplier Manager
C. The Service Catalogue Manager
D. The IT Service Continuity Manager
Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?
A. Malicious Communications Act (1998)
B. Anti-Cyber-Stalking law (1999)
C. Stalking Amendment Act (1999)
D. Stalking by Electronic Communications Act (2001)
Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?
A. Safeguard
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Annualized Rate of Occurrence (ARO)