安全管理习题讲解.pptxVIP

安全管理习题讲解第1页/共54页 QUIZ2 According to governmental data classification levels, how would answers to tests and health care information be classified?A ConfidentialB Sensitive but unclassifiedC Private D UnclassifiedB第2页/共54页 第3页/共54页 QUIZ3. According to private sector data classification levels, how would salary levels and medical information be classified? A Confidential B Public C Private D SensitiveC第4页/共54页 QUIZ 4 Which of the next are steps of a common development process of creating a security policy, standards and procedures? A design, development, publication, coding, testing B design, evaluation, approval, publication, implementation C initial and evaluation, development, approval, publication, implementation, maintenance D feasibility, development, approval, implementation, integrationC第5页/共54页 5 What is the main purpose of a security policy?A to transfer the responsibility for the information security to all users of the organizationB to provide detailed steps for performing specific actionsC to provide a common framework for all development activitiesD to provide the management direction and support for information securityD第6页/共54页 6 Which of the following department managers would be best suited to oversee the development of an information security policy?A Security administrationB Human resourcesC Business operationsD Information systemsC第7页/共54页 7 Which of the following is not a responsibility of an information owner?A Running regular backups and periodically testing the validity of the backup data.B Delegate the responsibility of data protection to data custodians.C Periodically review the classification assignments against business needs.D Determine what level of classification the information requires.A第8页/共54页 8 Which of the following is not a goal of integrity?A Prevention of the modification of information by unauthorized users.B Prevention of the unauthorized or unintentional modification of in