A network administrator notices that some users are turning off or otherwise bypassing a software security system. Which one of the core IT Security Design Principles has been violated to cause this? - correct answer ✔✔ Psychological acceptability.
Which international standard for computer security certification does the Common Criteria for Information Technology Security Evaluation adhere to? - correct answer ✔✔ ISO/IEC 15408.
The Evaluation Assurance Level (EAL) of an information security product is specified in which of the following documents? - correct answer ✔✔ The Protection Profile.
SP 800 Computer Security is a publication series by which national body? - correct answer ✔✔ NIST.
Which of the following is the parent organisation of the National Cyber Security Centre (NCSC)? - correct answer ✔✔ GCHQ.
Which of the following is a description of enterprise architecture? - correct answer ✔✔ It focuses on business processes and objectives.
Which NIST special publication subseries targets specific cybersecurity challenges in the public and private sectors and offers practical and user-friendly guides to facilitate adoption of standards-based approaches to cybersecurity? - correct answer ✔✔ SP 1800.
When seeking Common Criteria certification, which document describes the security properties of a Target of Evaluation (TOE) and may claim that it conforms with a particular Protection Profile? - correct answer ✔✔ Security Target (ST).
OWASP classifies risk as the product of which two of the following factors? - correct answer ✔✔ Likelihood and Impact.
Which of the following is NOT a facet of trustworthiness, as defined by the Trustworthy Software Foundation (TSFdn)? - correct answer ✔✔ Integrity.
Which ONE of the following core IT security design principles CANNOT be applied to the root account of a UNIX operating system? - correct answer ✔✔ Least privilege.
Which approach to guidance does NCSC employ in its publications to the public? - correct answer ✔✔ Advice.
Which security standard must all Common Criteria testing laboratories comply with? - correct answer ✔✔ ISO/IEC 17025.
Which of the following would NOT be used as evidence inside a security case for a database? - correct answer ✔✔ Documentation of the potential user-base and retail strategies, including user-documentation, configuration details, pricing and manufacturing quality assurance reports.
As computer security threats have evolved over time, perimeter protection devices have been developed to keep abreast of this evolution. Which of the following technologies provides the weakest level of protection for a network? - correct answer ✔✔ Static packet filtering.
Which of the following will future-proof the internal security of a network? - correct answer ✔✔ Ongoing user education.