
Domain: Information Security

The document discusses various information security topics such as how to dispose of obsolete prototypes, what qualifies as a trade secret, sanitization methods for electronic media, recovery after information loss, differences between embedded and host-based systems, aspects of information that must be protected, infrastructure management countermeasures, layers of the OSI network model, escalation of privilege attacks, and elements that should be included in information security policies.

Uploaded by

quinlent

1: How should obsolete prototypes, models, and test items be disposed of?
Domain: Information Security

2: What qualifies something as a trade secret?
Domain: Information Security

3: What are three methods of sanitizing electronic media?
Domain: Information Security

4: What are the two primary aspects of recovery after an information loss?
Domain: Information Security

5: During which stage of a project is critical information most vulnerable?
Domain: Information Security

6: What is the difference between embedded and host-based systems?
Domain: Information Security

7: What three aspects of information must be protected?
Domain: Information Security

8: What are the five IS infrastructure management countermeasures?
Domain: Information Security


1: They should be destroyed so they can’t be reverse engineered
IAP 1.4.2 p 14

2: The information added value or benefit to the owner, the trade secret was specifically identified, and the owner provided a reasonable level of protection for the information
IAP 1.5.4 p 24

3: Overwriting, degaussing, physical destruction
IAP 1.6.2 p 27

4: Return to normal business operations ASAP and implement measures to prevent a recurrence
IAP 1.7 p 30

5: The intermediate phases
IAP 1 Appendix D p 49

6: Embedded systems are typically programmed at the manufacturer and run proprietary or nonstandard operating systems, e.g. cameras, card readers, and video converters.

Host-based systems run on more standard operating systems such as Windows and Linux and are easier to change
IAP 2.5 p 73

7: Confidentiality, integrity, availability
IAP 2.3 p 69, IAP 3 85

8: Vulnerability and patch management, system monitoring and log review, IS security metrics, physical security of the IS infrastructure, IT staff training in information security
IAP 3.1.6 p 91


9: What are the seven layers of the Open Systems Interconnect network model?
Domain: Information Security

10: What is the “A triad” of information security with regard to access control?
Domain: Information Security

11: What is an escalation of privilege attack?
Domain: Information Security

12: According to ISO 27002, which three elements of guidance should information security policies include, at a minimum?
Domain: Information Security


9: Physical, data link, network, transport, session, presentation, application
IAP 3.2.1 p 97

10: Authentication, authorization, auditing/accountability
IAP Figure 3-7 p 103

11: When an email program is tricked into executing an email as if it were a program rather than text

12: Definition of information security and its objectives/scope, statement of management intent, brief explanation of security policies/principles/standards important to the organization

Cards 12 and 11: IAP 3.5.2 p 141 SOP 3.2.1 p 48 Security Management 4.5.1 p 90
