
1. Which of the following are concerned with configuration management (select the best answer)?
A) hardware
B) software
C) documentation
D) All of the above are concerned with configuration management.
Feedback: See page 193.
Correct Answer(s): D

2. Which operations security control prevents intruders from internally or externally accessing the system and lowers the amount and impact of unintentional errors?
A) preventative controls
B) detective controls
C) corrective controls
D) directive controls
Feedback: See page 187.
Correct Answer(s): A

3. Operations security requires the implementation of physical security to control which of the following?
A) incoming hardware
B) evacuation procedures
C) contingency conditions
D) unauthorized personnel access
Feedback: See page 198 and the lecture slides.
Correct Answer(s): D

4. Which of the following is the best way to handle obsolete magnetic tapes before disposing of them?
A) erasing the tapes
B) degaussing the tapes
C) initializing the tape labels
D) overwriting the tapes
Feedback: See page 196.
Correct Answer(s): B

5. What is the main objective of separation of duties?
A) to prevent employees from disclosing sensitive information
B) to ensure that no single individual can compromise a system
C) to ensure that audit trails are not tampered with
D) to ensure access controls are in place
Feedback: See page 188.
Correct Answer(s): B

6. What is the most secure way to dispose of information on a CD-ROM?
A) physical destruction
B) degaussing
C) physical damage
D) sanitizing
Feedback: Common sense and page 196.
Correct Answer(s): A

7. What security procedure forces collusion between two operators of different categories to have access to unauthorized data?
A) enforcing regular password changes
B) systems programmer
C) separation of duties
D) management of audit logs
Feedback: See page 189.
Correct Answer(s): C

8. Intrusion response is a:
A) preventative control
B) detective control
C) reactive control
D) monitoring control
Feedback: See lecture slides.
Correct Answer(s): B

9. Operations security seeks primarily to protect against which of the following?
A) asset threats
B) compromising emanation
C) object reuse
D) facility disaster
Feedback: See page 187.
Correct Answer(s): A

10. If a programmer is restricted from updating and modifying production software, what is this an example of?
A) personnel security
B) least privilege
C) rotation of duties
D) separation of duties
Feedback: See page 189.
Correct Answer(s): D

11. Which of the following isn't a media viability control used to protect the feasibility of data storage media?
A) handling
B) storage
C) clearing
D) marking
Feedback: See pages 194 and 195.
Correct Answer(s): C

12. It is a violation of the "Separation of duties" principle when the security systems software is accessed by which individual?
A) systems auditor
B) security administrator
C) security analyst
D) systems programmer
Feedback: See page 189.
Correct Answer(s): D

13. When backing up an application system's data, which of the following is a key question to be answered first?
A) how to store backups
B) when to make backups
C) what records to back up
D) where to keep the backups
Feedback: See lecture slides.
Correct Answer(s): C
