The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

admin2013-12-19 68

问题 The following scenario applies to questions 29, 30, and 31.
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data.
Which of the following best describes the control types the company originally had in place?

选项 A、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical detective controls are the physical location of the database and PIN and smart card access controls.
B、Administrative preventive controls are the policies. Technical preventive controls are securing the system and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls.
C、Administrative corrective controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical preventive controls are the physical location of the database and PIN
D、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system and network segmentation. The technical detective control is the intrusion detection system. Physical preventive controls are the phy

答案D

解析 D正确。行政预防控制指的是政策和过程。技术预防控制是为了确保系统和网络部门的安全。技术检测控制指的是入侵检测系统，物理预防控制指的是数据库、PIN和智能卡访问控制的物理位置。
A不正确。因为入侵检测系统不是一种预防控制，这是一个检测控制的例子。保证恰当的预防控制和检测控制至关重要。
B不正确。因为这个选项是一个行政防御控制，它没有提到过程。这个答案也错误地将入侵检测系统描述为预防控制，而不是检测控制。
C不正确。因为这个答案错误地将入侵检测系统描述为一组预防控制，而不是检测控制。这个答案也描述了政策和过程是矫正控制，但是它们是预防控制。

转载请注明原文地址:https://kaotiyun.com/show/FNhZ777K

CISSP认证

相关试题推荐

随机试题

最新回复(0)

The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

CISSP认证

TheTreasurycouldpocket20millionayearinextrafinesoncethecountry’sspeedcameranetworkisexpanded.Motoringorgani

Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro

Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro

Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro

Menandwomendothinkdifferently,atleastwheretheanatomyofthebrainisconcerned,accordingtoanewstudy.Thebrainis

[A]Marketforglasscraftsisgrowing[B]Dependenceofcomputerdevelopmentonglass[C]Behindtheadaptabilityofglass[D]

VirtualDriverDrivinginvolvessharpeyesandkeenears,analyzingwithabrain,andcoordinationbetweenhands,feetandb

[A]Butworkisunderwaytogetcomputerstocapturehumanlifeandrememberitaspeopledo—recallingbitsofexperiencethata

Forthispart,youareallowed30minutestowriteacompositionaccordingtothefollowingtopic.CCTVhasbeenputtingup

在Internet选项中删除Cookies。

以下属于“证”的有

纤溶酶含量减少可见于()

喘证辨证时最宜首先辨别()

有关指数的编制，下列说法中正确的是()。

不属于膨胀土的工程特性的是()。

以下对公文撰写要求的说法，错误的有()。

分析下面的谱例。要求：画出结构图示，写出乐曲的结构名称。

埃赫那吞改革

下列关于综合布线的描述中，错误的是（）。