2. 计算机
  3. The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

admin2013-12-19  70
问题 The following scenario applies to questions 29, 30, and 31.
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data.
The storage management system that Barry put into place is referred to as which of the following?
选项 A、Administrative control
B、Compensating control
C、Physical control
D、Confidentiality control
答案B
解析 B正确。补偿性控制是一种分时控制。与快递服务不同,该公司实施的是内部存储管理系统。补偿性控制本质上可以是行政型控制,物理性控制或技术性控制。
A不正确。因为存储管理系统不是行政控制,而是一种技术补偿性控制。
C不正确。因为存储管理系统不是物理控制,而是一种技术补偿性控制。
D不正确。不正确并且是一个干扰选项。因为控制的主要分类有行政控制、技术控制和物理控制。这些控制可以提供很多不同类型的服务和保护——保密性也属于一种类型的保护。
转载请注明原文地址:https://kaotiyun.com/show/GNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)