Which ONE of the following types of policy applies at the Conceptual Layer of SABSA Policy Architecture?
A. Enterprise-wide Business Risk Management Policy
B. Enterprise-wide Information Security Policy
C. Domain-level Applications Security Policy
D. Domain-level Network Security Policy
Correct Answer - B
Which ONE of the following statements about SABSA Policy Architecture is FALSE?
A. Procedures are Physical Layer representations of policy but executing procedures is a Management Layer activity
B. Technical standards are the Logical Layer representations of domain policy
C. Logical Layer policy states the security services required in a domain
D. Policy above the Logical Layer in the SABSA Architecture Matrix applies enterprise-wide
Correct Answer - B
Of the sequence of capabilities in the SABSA Multi-tiered Control Strategy defence-in-depth model which ONE of the following appears EARLIEST?
A. Containment
B. Prevention
C. Recovery and Restoration
D. Detection and Notification
Correct Answer - B
At which layer of the SABSA Architecture Matrix is the Attributes Profile delivered?
A. Contextual Security Architecture
B. Conceptual Security Architecture
C. Logical Security Architecture
D. Physical Security Architecture
Correct Answer - B
Which ONE of the following guiding principles for a sound architecture framework is TRUE?
A. The architecture framework must not presuppose any particular technical , standards or operating culture
B. The architecture resulting from use of the framework must meet the set of business requirements dictated by current 'best practice'
C. The architecture framework must assume current policy, standards and technologies will remain static over time
D. The architecture framework
Correct Answer - A
Which ONE of the following is of LEAST benefit to the Security Architect when applying to security the engineering concept of the Single Integrated Complex System?
A. It enables a checklist approach
B. It designs in the ability to deal with rapid or frequent change
C. It ensures that requirements for properly delivered and supported security services are included within the scope of the architecture
D. It provides assurance that security components and processes are designed, procured and managed
Correct Answer - A
In the SABSA Corporate Governance Model, which ONE of the following statements is TRUE?
A. During the Implement Phase, internal controls are reported to external authorities such as regulators
B. During the Strategy & Planning Phase, Domain Authorities design risk management processes
C. During the Manage & Measure Phase, Line Management monitors performance against Key Risk Indicator thresholds
D. During the Design Phase, staff review risk appetite
Correct Answer - C
Which ONE of the following is the LEAST applicable "The SABSA architecture concept aids corporate governance and efficient management by..."?
A. Delivering economies of scale and standardization through an enterprise blueprint and roadmap
B. Distributing policies, principles and design rules top-down from defined business requirements
C. Enabling projects to design and deliver tactical solutions independently of business goals and policies