The other three choices are areas to avoid for expert system methods. These include (i) tasks based on common sense, (ii) tasks requiring perceptual (seeing or touching) knowledge, and (iii) tasks requiring creativity. People, not expert systems, are creative.
92. Which of the following statements is not true about artificial neural networks (ANNs)?
a. The intention of ANNs is to replicate the workings of the human brain.
b. The goal of ANNs is to develop computers that can learn from experience.
c. ANNs have a capacity to generalize.
d. ANNs complement the existing design of computers.
92. a. The intention is not to replicate the workings of the human brain but to use a simple model to see if some of the strengths of the human brain can be shown by computers based on that model. An important goal is to develop computers that can learn from experience. In the process of learning from experience, ANNs show a capacity to generalize. That is, recognizing a new problem as being “close” to the one they know and offering the same solution. ANNs are not meant to replace or supersede the existing design of computers. They are meant to complement them.
93. Defining roles and responsibilities is important in identifying infected hosts with malware incidents. Which of the following groups can assist with host scans?
a. Security administrators
b. System administrators
c. Network administrators
d. Desktop administrators
93. a. Organizations should identify which individuals or groups can assist in infection identification efforts. Security administrators are good at analyzing host scans along with antivirus software, intrusion prevention system (IPS) software, firewalls, and vulnerability assessment results.
94. Which of the following tasks must be performed before placing an information system into production operation?
1. Analyze functional requirements.
2. Analyze assurance requirements.
3. Conduct system design reviews.
4. Perform system tests.
a. 1 and 2
b. 2 and 3
c. 2 and 4
d. 3 and 4
94. d. System design reviews and system tests should be performed in the implementation phase before placing the system into production operation to ensure that it meets all required security specifications. The results of the design reviews or system tests should be fully documented, updating as new reviews or tests are performed. Analysis of functional requirements and assurance requirements is done in the development/acquisition phase, which is prior to the implementation phase.
95. System performance is monitored in which of the following system development life cycle (SDLC) phases?
a. Initiation
b. Development/acquisition
c. Implementation
d. Operation/maintenance
95. d. During the operation/maintenance phase, the organization should continuously monitor performance of the system to ensure that it is consistent with pre-established user and security requirements and that all needed system modifications are incorporated into the system. Monitoring is done in the operation/maintenance phase of the SDLC because all the development work is completed, and the system should start delivering results. During implementation phase, the system is tested, employees are trained, and the system is not yet ready to put into production operation/maintenance phase to monitor system performance.
96. In the needs-determination task of the system development life cycle (SDLC) initiation phase, which of the following is a significant cost driver?
a. Performance requirements
b. Assurance requirements
c. Supportability requirements
d. Functional requirements
96. b. System assurance is the grounds for confidence that the set of intended security controls in an information system are effective in their application. Information security needs should address the appropriate level of assurance because this is a significant cost driver. The higher the assurance level required, the higher the cost and vice versa. Usually, investment analysis is structured to translate system needs and mission into high-level performance, assurance, functional, and supportability requirements. However, the assurance requirements are the significant cost driver because it integrates all the other requirements at the highest level.
