ANSWERS
Which ONE of the following statements about the provision of infrastructure security
services is TRUE?
A. Applications security is provided exclusively by implicit security services placed
within the middleware layer
B. Applications security is provided exclusively by explicit security services placed
within the middleware layer and accessed through an API
C. Applications security is provided by a combination of both implicit and explicit
security services placed within the middleware layer
D. A - Answer- D
Alice, Bob and Charlie are the entities in a Trust Relationship. Charlie is the trusted third
party who accredits credentials. Alice presents to Bob credentials that have been
accredited by Charlie. Which party is MOST RELIANT on the trust asserted by the
accreditation (who is the customer of trust)?
A. Alice
B. Bob
C. Charlie
D. Alice, Bob & Charlie equally - Answer- B
At which layer of the SABSA Architecture Matrix is the Attributes Profile delivered?
A. Contextual Security Architecture
B. Conceptual Security Architecture
C. Logical Security Architecture
D. Physical Security Architecture - Answer- B
Which ONE of the following guiding principles for a sound architecture framework is
TRUE?
A. The architecture framework must not presuppose any particular technical
standards or operating culture
B. The architecture resulting from use of the framework must meet the set of
business requirements dictated by current 'best practice'
C. The architecture framework must assume current policy, standards and
technologies will remain static over time
D. The architecture framework - Answer- A
Which ONE of the following types of policy applies at the Conceptual Layer of SABSA
Policy Architecture?
A. Enterprise-wide Business Risk Management Policy
B. Enterprise-wide Information Security Policy
C. Domain-level Applications Security Policy
D. Domain-level Network Security Policy - Answer- B
Which ONE of the following statements about SABSA Policy Architecture is FALSE?
A. Procedures are Physical Layer representations of policy but executing procedures
is a Management Layer activity
B. Technical standards are the Logical Layer representations of domain policy
C. Logical Layer policy states the security services required in a domain
D. Policy above the Logical Layer in the SABSA Architecture Matrix applies
enterprise-wide - Answer- B
Of the sequence of capabilities in the SABSA Multi-tiered Control Strategy
defence-in-depth model, which ONE of the following appears EARLIEST?
A. Containment
B. Prevention
C. Recovery and Restoration
D. Detection and Notification - Answer- B
Which ONE of the following is of LEAST benefit to the Security Architect when applying
to security the engineering concept of the Single Integrated Complex System?
A. It enables a checklist approach
B. It designs in the ability to deal with rapid or frequent change
C. It ensures that requirements for properly delivered and supported security
services are included within the scope of the architecture
D. It provides assurance that security components and processes are
designed, procured and managed - Answer- A
In the SABSA Corporate Governance Model, which ONE of the following statements is
TRUE?
A. During the Implement Phase, internal controls are reported to external authorities
such as regulators
B. During the Strategy & Planning Phase, Domain Authorities design risk
management processes
C. During the Manage & Measure Phase, Line Management monitors performance
against Key Risk Indicator thresholds
D. During the Design Phase, staff review risk appetite - Answer- C
Which ONE of the following is the LEAST applicable "The SABSA architecture concept
aids corporate governance and efficient management by..."?
A. Delivering economies of scale and standardization through an enterprise blueprint
and roadmap