首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte
The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte
admin
2013-12-19
85
问题
The following scenario applies to questions 29, 30, and 31.
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data.
Which of the following best describes the control types the company originally had in place?
选项
A、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical detective controls are the physical location of the database and PIN and smart card access controls.
B、Administrative preventive controls are the policies. Technical preventive controls are securing the system and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls.
C、Administrative corrective controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical preventive controls are the physical location of the database and PIN
D、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system and network segmentation. The technical detective control is the intrusion detection system. Physical preventive controls are the phy
答案
D
解析
D正确。行政预防控制指的是政策和过程。技术预防控制是为了确保系统和网络部门的安全。技术检测控制指的是入侵检测系统,物理预防控制指的是数据库、PIN和智能卡访问控制的物理位置。
A不正确。因为入侵检测系统不是一种预防控制,这是一个检测控制的例子。保证恰当的预防控制和检测控制至关重要。
B不正确。因为这个选项是一个行政防御控制,它没有提到过程。这个答案也错误地将入侵检测系统描述为预防控制,而不是检测控制。
C不正确。因为这个答案错误地将入侵检测系统描述为一组预防控制,而不是检测控制。这个答案也描述了政策和过程是矫正控制,但是它们是预防控制。
转载请注明原文地址:https://kaotiyun.com/show/FNhZ777K
0
CISSP认证
相关试题推荐
Themassmediaisabigpartofourculture,yetitcanalsobeahelper,adviserandteachertoouryounggeneration.Themass
Thetranslatormusthaveanexcellent,up-to-dateknowledgeofhis【C1】______languages,fullfacilityinthehandlingofhistarg
TheAffordableCareAct,betterknownasObamacare,wassupposedtotransformAmericanhealthinsurance.Criticshavelongfeare
DungtoDeathFieldsacrossEuropearecontaminatedwithdangerouslevelsoftheantibioticsgiventofarmanimals.Thedrug
AUniversityofNebraskaprofessorhasdevelopedroboticconesandbarrels.(41)______Theycanevenbeprogrammedtomoveonthe
EconomistsoftenliketospeakofHomoeconomicus—rationaleconomicman.Inpractice,humaneconomicbehaviourisnotquiteasr
Menandwomendothinkdifferently,atleastwheretheanatomyofthebrainisconcerned,accordingtoanewstudy.Thebrainis
Writealettertoacompanydecliningajoboffer.Inyourletter,youshouldappreciatethejoboffer,andstateyourreason(s)
Herearesomemanagementtoolsthatcanbeusedtohelpyouleadapurposefullife.1.UseYourResourcesWisely.Yourdecisi
Overthepastdecade,manycompanieshadperfectedtheartofcreatingautomaticbehaviors—habits—amongconsumers.Thesehabits
随机试题
下列资产负债表日后期间发生的事项中,属于资产负债表日后非词整事项的有()。
世界上最早的通讯社哈瓦斯社创办于()
某妇女,28岁,白带增多半年。妇科检查发现:阴道壁充血,宫颈光滑,白带呈稀薄泡沫状。
拱上结构的砌筑要符合哪些规定?
下列关于混凝土工程计量与支付的说法正确的是()。
“师者,所以传道受业解惑也”,这句话说明了教师的天职是()。
根据我国宪法的规定,下列选项中,连续任职不得超过两届的领导人是()。
Developingfriendlytieswithneighborlycountriesisthepriorityaimofthiscountry’sforeignpolicyandthispolicywillnot
若有以下程序:#include<iostream>usingnamespacestd;classBase{private:inta,b;public:Base(int
考生文件夹下存在一个数据库文件“samp2.accdb”,里面已经设计好“tCourse”、“tGrade”、“tStudent”三个关联表对象和一个空表“tSinfo”,试按以下要求完成设计:创建一个查询,计算每名学生所选课程的学分总和,并依次显示“
最新回复
(
0
)