26. Which of the following states that users should be given only the level of access needed to perform their duties?
(A) Separation of duties
(B) Accountability
(C) Principle of least privilege
(D) Authorization

3. Mark is attempting to log on to a computer system. He successfully presents his user credentials, but the system continually denies his logon attempts and will not allow him to access the system. Which of the following steps in the logon process is failing? (A) Identification (B) Authorization (C) Authentication (D) Auditing

4. Which of the following supporting elements of security relates to the correct level of permissions, rights, and privileges that a person may have with respect to what actions they may take with data or on a system? (A) Non-repudiation (B) Authorization (C) Confidentiality (D) Authentication

5. An organization decides to split the ability to perform security-related tasks among several different people. Which of the following concepts is the organization practicing? (A) Non-repudiation (B) Administrative control (C) Job rotation (D) Separation of duties 

6. The company policy requires that two people be present in order to witness and verify that highly sensitive information that is no longer needed has been properly destroyed. What practice is the company adhering to by requiring two people to perform this task?(A) Multi-person control(B)Separation of duties(C) Non-repudiation(D)Job rotation

7.The company suspects that Mike, a system administrator, is performing unauthorized actions on the network. Mike has not taken any significant time off in several years. Which of the following practices should the company consider in order to audit the activities Mike has performed while in his position?(A) Separation of duties(B) Job rotation(C)Mandatory vacation(D) Multi-person control

8.Jessica, who works in the accounting department, was discovered to have been performing administrative level actions on the accounting servers during a recent audit. While these actions were not malicious in nature, Jessica does not work at a level that would typically require şerver administration duties. Which of the following is not being properly implemented in the scenario?(A) Separation of duties.(B) Principle of least privilege(C) Technical control(D) Accountability

9.The company was recently subject to a hacking attack that resulted in the breach of several thousand records containing consumer financial data. All the following are examples of actions the company took to prevent such an attack, demonstrating due care, except: (A) Allowing all employees, regardless of duties, to access the data (B)Installing and securely configuring a firewall (C) Enabling encryption for all data (D) Requiring strong authentication methods

10. Data that is said to be easily readable by humans or machines is called ______(A) ciphertext (B) plaintext (C) coded text (D) encrypted text 

11. Which of the following is the process used to convert ciphertext to plaintext? (A) Decryption (B) Encryption (C) Encoding (D) Enciphering

12. Which of the following terms describes data that is stored on media, usually in the form of files? (A) Data-in-RAM (B) Data-in-process (C) Data-in-transit (D) Data-at-rest

114年 - 114 教育部公費留學考試試題：資訊安全概論#135195

113年 - [無官方正解]113 國立清華大學_碩士班考試入學試題:資訊安全#130695

113年 - 113 教育部公費留學考試試題：資訊安全概論#125716

112年 - [無官方正解]112 國立清華大學碩士班考試入學試題_資訊安全研究所：資訊安全#130782

112年 - 112 教育部公費留學考試試題：資訊安全概論#125717

111年 - [無官方正解]111 國立清華大學碩士班考試入學試題_資訊安全研究所：資訊安全#130742

111年 - 111 教育部_公費留學考試：資訊安全概論#125712

110年 - [無官方正解]109 國立清華大學_碩士班考試入學試題_資訊安全研究所：資訊安全#130996

110年 - 110 教育部公費留學考試試題：資訊安全概論#125719

110年 - 110 國立清華大學碩士班考試入學試題_資訊安全研究所:資訊安全#105636