Domain 3
SABSA - answer A holistic lifecycle for developing security architecture that begins with
assessing business requirements and subsequently creating a 'chain of traceability'
through phases of strategy, concept, design, implementation and metrics is
characteristic of which of the following frameworks?
It represents a simple, long term view of control, it provides a unified vision for common
security controls, it leverages existing technology investments, it provides a flexible
approach to current and future threats and also the needs of core functions - answer
While an Enterprise Security Architecture (ESA) can be applied in many different ways,
it is focused on a few key goals. Identify the proper listing of the goals for the ESA:
threat modeling, data classification, and risk assessment - answer Which of the
following can BEST be used to capture detailed security requirements?
ISO 27000 - answerA holistic lifecycle for developing security architecture that begins
with assessing business requirements and subsequently creating a 'chain of traceability'
through phases of strategy, concept, design, implementation and metrics is
characteristic of which of the following frameworks?
Security policy - answerWhich of the following describes the rules that need to be
implemented to ensure that the security requirements are met?
Matrix-based - answerA two-dimensional grouping of individual subjects into groups or
roles and granting access to groups to objects is an example of which of the following
types of models?
Bell-LaPadula - answerWhich of the following models ensures that a subject with
clearance level of 'Secret' has the ability to write only to objects classified as 'Secret' or
'Top Secret' but is prevented from writing information classified as 'Public'?
Invocation property - answerWhich of the following is unique to the Biba Integrity
Model?
Brewer-Nash - answerWhich of the following model is BEST considered in a shared
data-hosting environment so that the data of one customer is not disclosed to a
competitor or other customers sharing that hosted environment?
Graham-Denning - answerWhich of the following security models is primarily concerned
with how the subjects and objects are created and how subjects are assigned rights or
privileges?
SABSA - answer A holistic lifecycle for developing security architecture that begins with
assessing business requirements and subsequently creating a 'chain of traceability'
through phases of strategy, concept, design, implementation and metrics is
characteristic of which of the following frameworks?
It represents a simple, long term view of control, it provides a unified vision for common
security controls, it leverages existing technology investments, it provides a flexible
approach to current and future threats and also the needs of core functions - answer
While an Enterprise Security Architecture (ESA) can be applied in many different ways,
it is focused on a few key goals. Identify the proper listing of the goals for the ESA:
threat modeling, data classification, and risk assessment - answer Which of the
following can BEST be used to capture detailed security requirements?
ISO 27000 - answerA holistic lifecycle for developing security architecture that begins
with assessing business requirements and subsequently creating a 'chain of traceability'
through phases of strategy, concept, design, implementation and metrics is
characteristic of which of the following frameworks?
Security policy - answerWhich of the following describes the rules that need to be
implemented to ensure that the security requirements are met?
Matrix-based - answerA two-dimensional grouping of individual subjects into groups or
roles and granting access to groups to objects is an example of which of the following
types of models?
Bell-LaPadula - answerWhich of the following models ensures that a subject with
clearance level of 'Secret' has the ability to write only to objects classified as 'Secret' or
'Top Secret' but is prevented from writing information classified as 'Public'?
Invocation property - answerWhich of the following is unique to the Biba Integrity
Model?
Brewer-Nash - answerWhich of the following model is BEST considered in a shared
data-hosting environment so that the data of one customer is not disclosed to a
competitor or other customers sharing that hosted environment?
Graham-Denning - answerWhich of the following security models is primarily concerned
with how the subjects and objects are created and how subjects are assigned rights or
privileges?
