- Home
- Networking
- CCNA Security
16.
The SDLC process does not include which of the following components?
- A.Initiation
- B.Disposition
- C.Remediation
- D.Implementation
- E.Operations and maintenance
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| Remediation is not one of the fi ve phases of the Systems Development Life Cycle (SDLC). The missing one is acquisition and development. |
17.
Which one of the following is not a component of operations security best practices?
- A.Least privilege
- B.Rotation of duties
- C.High availability
- D.Trusted recovery
- E.Configuration management and change management
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| High availability is not an operations security best practice; however, it is a good system design practice. |
18.
Which one of the following is not a component of a good security policy?
- A.A governing policy
- B.User policies
- C.Technical policies
- D.User training
- Answer & Explanation
- Report
Answer : [D]
Explanation :
Explanation :
| User training is not a component of a security policy, but user policies are. |
19.
When performing a risk analysis, which of the following is the number of times an event
might happen in a year?
- A.Guess
- B.ARO
- C.ALE
- D.SRO
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| The annual rate of occurrence (ARO) is the number of times a security risk event might take place in a year. |
20.
Which one of the following is defined as a means to compartmentalize information such as
not to compromise security?
- A.SDLC
- B.CIA
- C.OPSEC
- D.MARS
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
| OPSEC stands for operations security and is borrowed from the U.S. Department of Defense. The term is adapted to mean that a user or administrator should have only the privileges they need to do their job and nothing else. |
|
|
||||||||||||||||||||||||||||
