2. 计算机
  3. The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

The following scenario applies to questions 29, 30, and 31. Barry has just been hired as the company security officer at an inte

admin2013-12-19  102
问题 The following scenario applies to questions 29, 30, and 31.
Barry has just been hired as the company security officer at an international financial institution. He has reviewed the company’s data protection policies and procedures. He sees that the company stores its sensitive data within a secured database. The database is located in a network segment all by itself, which is monitored by a network-based intrusion detection system. The database is hosted on a server kept within a server room, which can only be accessed by personnel with the correct PIN value and smart card. Barry finds that the sensitive data backups are not being properly secured and requests that the company implement a secure courier service that moves backup tapes to a secured location. His management states that this option is too expensive, so Barry implements a local hierarchy storage management system that properly protects the sensitive data.
Which of the following best describes the control types the company originally had in place?
选项 A、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical detective controls are the physical location of the database and PIN and smart card access controls.
B、Administrative preventive controls are the policies. Technical preventive controls are securing the system and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls.
C、Administrative corrective controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical preventive controls are the physical location of the database and PIN
D、Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system and network segmentation. The technical detective control is the intrusion detection system. Physical preventive controls are the phy
答案D
解析 D正确。行政预防控制指的是政策和过程。技术预防控制是为了确保系统和网络部门的安全。技术检测控制指的是入侵检测系统,物理预防控制指的是数据库、PIN和智能卡访问控制的物理位置。
A不正确。因为入侵检测系统不是一种预防控制,这是一个检测控制的例子。保证恰当的预防控制和检测控制至关重要。
B不正确。因为这个选项是一个行政防御控制,它没有提到过程。这个答案也错误地将入侵检测系统描述为预防控制,而不是检测控制。
C不正确。因为这个答案错误地将入侵检测系统描述为一组预防控制,而不是检测控制。这个答案也描述了政策和过程是矫正控制,但是它们是预防控制。
转载请注明原文地址:https://www.kaotiyun.com/show/FNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)