ELABORATED DEFINITIVE
SOLUTIONS|A+ GRADED|UPDATED
2025/2026 LATEST VERSION|100%
GUARANTEED PASS!!!
MAC - ANSWER ✓ Mandatory access control (MAC) is a model based upon
security labels.
DAC - ANSWER ✓ Discretionary access control (DAC) is based on identity. This
identity can be a user's identity or a group's identity, and is sometimes referred to
as identity-based access control. DAC is the type of access control that is used in
local, dynamic situations where subjects have the ability to specify what resources
certain users can access.
OMB Circular A-130 - ANSWER ✓ OMB Circular A-130 was developed to meet
information resource management requirements for the federal government.
According to this circular, independent audit should be performed every three
years.
SOX - ANSWER ✓ Sarbanes-Oxley Act (SOX) was developed to ensure that
financial information on publicly traded companies is accurate.
HIPAA - ANSWER ✓ developed to establish national standards for the storage,
use, and transmission of health care data
GLBA - ANSWER ✓ Gramm-Leach-Bliley Act (GLBA) of 1999 was developed
to ensure that financial institutions protect customer information and provide
customers with a privacy notice.
BCP Risks - ANSWER ✓ A business continuity plan includes the strategic
framework for a corporate culture that holds various tactics to mitigate risks. The
following are the risks addressed by a business continuity plan:
Failure of a business process
Loss of assets
, Regulatory liabilities
Customer service failure
Damage to the reputation or brand
acceptable use policy - ANSWER ✓ An acceptable use policy is a document that
exists as a part of the overall security documentation infrastructure. It assigns
security roles within an organization and ensures the associated responsibilities.
informative policy - ANSWER ✓ An informative policy provides knowledge
about a specific subject, such as mission statements, company goals, or how the
organization interacts with partners and customers.
regulated policy - ANSWER ✓ The regulated policy discusses the regulations that
must be followed and outlines the procedures that should be used to elicit
compliance. It is required whenever industry or legal standards are applicable
within an organization.
authorization creep - ANSWER ✓ Authorization creep is the term used to describe
when a user is assigned additional access permissions as a result of changing jobs
system owner - ANSWER ✓ responsible for maintaining and protecting one or
more data processing systems. The role primarily includes the integration of the
required security features into the applications and involves a purchase decision of
the applications. The system owner also ensures that the remote access, password
management, and operating system configurations provide the necessary security.
retina scan - ANSWER ✓ biometric system that examines the unique pattern of
the blood vessels at the back of an individual's eye. In a retina scan, a beam is
projected inside the eye to capture the pattern, and compare it with the reference
records of the individual. The employee is authenticated only if a match is found.
Retina scan provides better accuracy than iris scan.
iris - ANSWER ✓ based on the examination of unique patterns, colors, rings, and
coronas of an individual's eye. Each characteristic is captured by a camera and
compared with the reference records of an employee gathered during the
enrollment process. Iris scanning provides better accuracy than fingerprinting,
voice recognition, or facial recognition.