Homework answers / question archive / Saint Leo University COM 520 Chapter One 1)Which of the following is the best description of the defense-in-depth strategy? A

Saint Leo University COM 520 Chapter One 1)Which of the following is the best description of the defense-in-depth strategy? A

Computer Science

Share With

---

Saint Leo University

COM 520

Chapter One

1)Which of the following is the best description of the defense-in-depth strategy?

A.            Hiding protected resources behind multiple firewalls

B.            Using multiple layers of security controls to protect resources

C.            Fully securing the most important resources first

D.            Staying current on as many known attacks as possible

2.            What is the main goal of information security?

A.            Protect information from unauthorized use

B.            Catch as many unauthorized users as possible

C.            Protect information from unauthorized modification

D.            Stop anonymous users from accessing information

3.            Does turning off a computer make the information it contains secure?

A.            Yes, because no unauthorized user can access information on a computer that is turned off.

B.            No, because the information might be copied somewhere else.

C.            Yes, because aggressive actions always result in more secure systems.

D.            No, because secure data must still be available to authorized users.

4.            Which of the following is the best description of a security control?

A.            A mechanism to stop attacks before they occur

B.            A rule that defines acceptable use of a computer

C.            A mechanism that protects a resource

D.            A device that detects unusual activity

5.            Which of the following could be classified as a logical control?

A.            Firewall

B.            Fence

Acceptable use policy

D. Smoke detector

6.            Which of the following could be classified as a detective control?

A. Password

8.            Door

C. Acceptable use policy

D. Log monitor

7. Which of the tenets of information security most directly serves the needs of authorized users?

A.            Availability

B.            Integrity

C.            Confidentiality

D.            None of the above

8.            Which of the tenets of information security is most related to the need-to-know property?

A.            Availability

B.            Integrity

C.            Confidentiality

D.            None of the above

9. Where is the most likely place a database management system would run?

A.            Network device

B.            Server

C.            Thin client

D.            Thick client

10.          Which Microsoft Windows Server 2008 R2 edition would be most appropriate for large-scale deployment using extensive virtualization?

A.            Datacenter

B.            HPC

C.            Enterprise

D.            Web

11.          According to the Microsoft EULA. what is the extent of the damages that can be recovered due to a Windows fault?

A.            Nothing

 

B.            The price paid for the software license

C.            Actual damages incurred

D.            Actual damages incurred plus the cost of the software license

 

 

12.          Which of the following is the best definition of a threat?

A.            Any exposure to damage

B.            A weakness that allows damage to occur

C.            An action that exploits a weakness

D.            Any action that could lead to damage

13.          What worm was released in 2001and primarily defaced Web sites?

A.            SQL Slammer

B.            Conficker

C.            Code Red

D.            Melissa

14.          What term describes a malicious software program that users are tricked into running?

A.            Trojan horse

B.            Worm

C.            Virus

D.            Phishing message

15.          Which of the following defines the cycle used to address Windows threats and vulnerabilities?

A.            Plan-do-review

B.            Discovery-analysis-remediation

C.            Design-implementation-verification

D.            Detection-containment-eradication