2. 计算机
  3. The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

admin2013-12-19  67
问题 The following scenario applies to questions 29, 30, and 31.
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data.
Which are the two most common situations that require the type of control covered in the scenario to be implemented?
选项 A、Defense-in-depth is required, and the current controls only provide one protection layer.
B、Primary control costs too much or negatively affects business operations.
C、Confidentiality is the highest concern in a situation where defense-in-depth is required.
D、Availability is the highest concern in a situation where defense-in-depth is required.
答案B
解析 B正确。之所以实施补偿控制,是因为提议的主要控制太昂贵了但仍然是必需的。所以需要确定和实施能提供相同类型的保护但较为便宜一点的控制。需要补偿控制的另一种情况就是主要控制会负面影响业务运营。
A不正确。因为尽管补偿控制可以提供深度防御,但它并不是这种类型的控制加以实施的原因。
C不正确。因为补偿控制可能会也可能不会提供保密性。但是控制提供的保密性方面的服务并不是实施补偿控制的原因。补偿控制是一种替换控制类型。
D不正确。因为补偿控制可能会也可能不会提供可用性。但是控制提供的可用性方面的服务并不是实施补偿控制的原因。补偿控制是一种替换控制类型。
转载请注明原文地址:https://kaotiyun.com/show/LNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)