CISSP-Security Architecture
A holistic lifecycle for developing security architecture that begins with assessing
business requirements and subsequently creating a 'chain of traceability' through
phases of strategy, concept, design, implementation and metrics is characteristic of
which of the following frameworks?
A. Zachman
B. SABSA
C. ISO 27000
D. TOGAF – answer B. SABSA
Which of the following components of ITIL's service portfolio is primarily focused on
translating designs into operational services through a project management standard?
A. Service strategy
B. Service design
C. Service transition
D. Service operations – answer C. Service transition
Which of the following can BEST be used to capture detailed security requirements?
A. Threat modeling, covert channels, and data classification
B. Data classification, risk assessments, and covert channels
C. Risk assessments, covert channels, and threat modeling
D. Threat modeling, data classification, and risk assessments – answer D. Threat
modeling, data classification, and risk assessments
Which of the following security standards is internationally recognized as the standard
for sound security practices and is focused on the standardization and certification of an
organization's Information Security Management System (ISMS)?
A. ISO 15408
B. ISO 27001
C. ISO 9001
D. ISO 9146 – answer B. ISO 27001
Which of the following describes the rules that need to be implemented to ensure that
the security requirements are met?
A. Security kernel
B. Security policy
C. Security model
D. Security reference monitor – answer B. Security policy
A two-dimensional grouping of individual subjects into groups or roles and granting
groups access to objects is an example of which of the following types of models?
A. Multilevel lattice