◉ A security mechanism is a method, tool, or procedure for enforcing
a security policy. Answer: True
◉ The role of trust is not crucial to understanding the nature of
computer security. Answer: False
◉ A security policy is a statement of what is, and what is not,
allowed. Answer: True
◉ Analysis of a policy model usually discusses particular policies.
Answer: False
◉ Match the following terms to their definitions:
- Principle of Least Privilege / Principle of Least Authority
- Principle of Separation of Privilege
- Principle of Fail-Safe Defaults
- Principle of Least Common Mechanism
- Principle of Least Astonishment
Answer:
Principle of Least Privilege / Principle of Least Authority - a
subject should be given only those privileges that it needs in order
to complete its task
Principle of Separation of Privilege - a system should not grant
permission based on a single condition
Principle of Fail-Safe Defaults - unless a subject is given explicit
access to an object, it should be denied access to that object
Principle of Least Common Mechanism - mechanisms used to access
resources should not be shared
Principle of Least Astonishment - security mechanisms should be
designed so that users understand the reason that the mechanism
works the way it does and that using the mechanism is simple
◉ Security mechanisms must be technical in nature. Answer: False
◉ In theory, formal verification can prove the absence of
vulnerabilities. Answer: True
◉ Penetration testing is a testing technique, not a proof technique.
Answer: True
◉ The White Team is made up of all-knowing, neutral, third-party
individuals who set the rules of engagement, organize teams, make
plans and monitor progress. Answer: True
◉ Black-box testing Answer: Uses test methods that aren't based
directly on knowledge of a program's architecture or design.
◉ White-box testing Answer: Based on knowledge of the
application's design and source code.
◉ Gray Box Testing Answer: Uses limited knowledge of the
program's internals. This might mean the tester knows about some
parts of the source code and not others.
◉ Unlike other testing and verification technologies, a penetration
test examines procedural and operational controls as well as
technological controls. Answer: True
◉ The primary goal of a Purple Team is to maximize the results of
Red Team engagements and improve Blue Team capability. Answer:
True
◉ Select the correct Audit Data Collection Methods Answer:
Checklists
Reviewing Policy
Questionnaires
◉ The goal of a penetration study/test is to violate the site security
policy. Answer: True