Week 6 - Creating a Company Culture for Security


A strong password is a good step towards good security, but what else is recommended to secure authentication?
- Strong encryption
- Vulnerability scanning
- 2-factor authentication
- Password rotation

Answer: 2-factor authentication

What's a quick and effective way of evaluating a third party's security?
- A security assessment questionnaire
- A signed contract
- A manual evaluation of all security systems
- A comprehensive penetration testing review

Answer: A security assessment questionnaire

When you are working on your laptop in a public area, always _____ when you get up to use the restroom.
- Set up a VPN.
- Lock your screen.
- Ask permission to leave.
- Take your smartphone.

Answer: Lock your screen.

Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply.
- Wireshark
- OpenVAS
- Nessus
- Qualys

Answer: OpenVAS; Nessus; Qualys

(Wireshark is a packet capture and protocol analysis tool; it inspects traffic but does not probe hosts for known vulnerabilities or misconfigurations.)

Which of these are bad security habits commonly seen amongst employees in the workplace? Check all that apply.
- Log out of website session
- Lock desktop screen
- Password on a post-it note
- Leave laptop logged in and unattended

Answer: Password on a post-it note; Leave laptop logged in and unattended

When considering third-party service providers to host sensitive data, you should conduct a vendor risk review. What actions does this include? Check all that apply.
- Test the vendor's hardware or software.
- Ask vendor for a cost comparison.
- Ask vendor to fill out a security questionnaire.
- Talk to vendor employees.

Answer: Test the vendor's hardware or software; Ask vendor to fill out a security questionnaire.

Security risk assessment starts with _____.
- Attack impact
- Payment processing
- Threat modeling
- Outside attackers

Answer: Threat modeling

What's the first step in performing a security risk assessment?
- Logs analysis
- Threat modeling
- Vulnerability scanning
- Penetration testing

Answer: Threat modeling

What risk are you exposing your organization to when you contract services from a third party?
- Zero-day vulnerabilities
- Man-in-the-middle attacks
- Trusting the third party's security
- DDoS attacks

Answer: Trusting the third party's security

A company wants to restrict access to sensitive data. Only those who have a "need to know" will have access to this data. Strong access controls need to be implemented. Which of these examples, that don't include user identification, are used for 2-factor authentication? Check all that apply.
- U2F token
- Common Access Card
- Smart card
- Password

Answer: U2F token; Password

Google provides free _____, which is a good starting point when assessing third-party vendors.
- Mobile phone services
- Cloud storage
- Business apps
- Vendor security assessment questionnaires

Answer: Vendor security assessment questionnaires (Google's open-source VSAQ project)

What tool can you use to discover vulnerabilities or dangerous misconfigurations on your systems and network?
- Antimalware software
- Firewalls
- Bastion hosts
- Vulnerability scanners

Answer: Vulnerability scanners

The very first step of handling an incident is _____ the incident.
- ignoring
- understanding
- detecting
- blaming

Answer: detecting

After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____.
- backed up
- removed
- tested
- baselined

Answer: tested

Which of the following should be incorporated into a reasonably secure password policy that balances security with usability? Check all that apply.
- A length of at least 8 characters
- A requirement to use dictionary words
- A password expiration time of 6-12 months
- A complexity requirement of special characters and numbers

Answer (as graded by the course): A length of at least 8 characters; A password expiration time of 6-12 months; A complexity requirement of special characters and numbers

Note that current NIST guidance (SP 800-63B) recommends against mandatory periodic rotation and composition rules, favouring length, screening against known-breached passwords, and rotation only on evidence of compromise. Answer the quiz as the course teaches it, but expect a real policy review to push toward the NIST position.

When employees need to access sensitive data, they should do all of the following EXCEPT what?
- Provide justification
- Specify exact data needed
- A second signature
- Time limit

Answer: A second signature

Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply.
- Least privilege
- Print customer information
- Audit access logs
- VPN connection

Answer: Audit access logs; Least privilege

How can events be reconstructed after an incident?
- By replaying security video footage
- By interviewing the people involved
- By doing analysis of forensic malware
- By reviewing and analyzing logs

Answer: By reviewing and analyzing logs
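Two of the answers above (enforcing a privacy policy by auditing access logs, and reconstructing events after an incident by reviewing logs) come down to the same routine: parse the access log, line it up against what was approved, and produce both a per-user timeline and a list of accesses that do not match an approval. The following Python is an added example, not code from the course or from this page; the log format, the approval-record format and every user, dataset, record ID and timestamp are constructed for illustration, and a real deployment would read these from the application's audit log and the access-request system.

```python
"""Audit access to sensitive data against approvals and build a timeline (added example)."""
from datetime import datetime

# Constructed sample: access-request approvals, one per line.
# Fields: user, dataset, justification, approved_until (ISO 8601).
# Mirrors the "justification / exact data / time limit" rules from the quiz.
APPROVALS_TXT = """\
alice,customer_pii,ticket-4411 fraud review,2024-03-01T18:00:00
bob,customer_pii,ticket-4412 billing dispute,2024-03-01T12:00:00
"""

# Constructed sample: application access log, one record read per line.
# Fields: timestamp, user, dataset, record id.
ACCESS_LOG_TXT = """\
2024-03-01T09:15:02 alice customer_pii 10023
2024-03-01T09:16:40 bob customer_pii 10077
2024-03-01T13:05:11 bob customer_pii 10078
2024-03-01T14:22:09 carol customer_pii 10090
2024-03-01T14:30:00 alice hr_records 551
"""


def parse_approvals(text):
    """Map (user, dataset) -> (justification, approved_until)."""
    approvals = {}
    for line in text.strip().splitlines():
        user, dataset, justification, until = line.split(",")
        approvals[(user, dataset)] = (justification, datetime.fromisoformat(until))
    return approvals


def parse_access_log(text):
    """Return access events as (timestamp, user, dataset, record), oldest first."""
    events = []
    for line in text.strip().splitlines():
        ts, user, dataset, record = line.split()
        events.append((datetime.fromisoformat(ts), user, dataset, record))
    return sorted(events)


def audit(access_log_text, approvals_text):
    """Flag every access that has no approval or falls after the approved window."""
    approvals = parse_approvals(approvals_text)
    findings = []
    for ts, user, dataset, record in parse_access_log(access_log_text):
        approval = approvals.get((user, dataset))
        if approval is None:
            findings.append((ts.isoformat(), user, dataset, record, "no approval on file"))
        elif ts > approval[1]:
            findings.append((ts.isoformat(), user, dataset, record, "outside approved window"))
    return findings


def timeline(access_log_text, user):
    """Reconstruct one user's sequence of reads for incident review."""
    return [(ts.isoformat(), dataset, record)
            for ts, u, dataset, record in parse_access_log(access_log_text) if u == user]


if __name__ == "__main__":
    for finding in audit(ACCESS_LOG_TXT, APPROVALS_TXT):
        print("FINDING", *finding)
    for entry in timeline(ACCESS_LOG_TXT, "bob"):
        print("bob", *entry)
```

With the constructed data the audit flags three reads: bob's 13:05 read after his approval lapsed at noon, carol's read with no approval at all, and alice reading hr_records, a dataset she was never approved for. The same parsed events, filtered per user, give the ordered timeline you would use to reconstruct what happened.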

Beyond restoring normal operations and data, what else should be done during the recovery phase?
- Correct the underlying root cause
- Update documentation
- Assign blame for the incident
- Take systems offline

Answer: Correct the underlying root cause

Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply.
- Posters promoting good security behavior
- Desktop monitoring software
- Bring your own device
- Designated mailing list

Answer: Posters promoting good security behavior; Designated mailing list

In the Payment Card Industry Data Security Standard (PCI DSS), which of these goals would benefit from encrypted data transmission?
- Protecting cardholder data
- Implement strong access control measures
- Maintaining a vulnerability management program
- Monitoring and testing networks regularly

Answer: Protecting cardholder data

(The PCI DSS requirement to encrypt transmission of cardholder data across open, public networks sits under the "Protect Cardholder Data" goal.)

Third-party services that require equipment on-site may require your company to do which of the following? Check all that apply.
- Provide additional monitoring via a firewall or agentless solution.
- Provide remote access to third-party service provider.
- Evaluate hardware in the lab first.
- Report any issues discovered from evaluating hardware.

Answer: Provide additional monitoring via a firewall or agentless solution; Evaluate hardware in the lab first; Report any issues discovered from evaluating hardware.

What characteristics are used to assess the severity of found vulnerabilities? Check all that apply.
- Remotely exploitable or not
- Type of access gained
- Use of encryption or not
- Chance of exploitation

Answer: Remotely exploitable or not; Type of access gained; Chance of exploitation

The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply.
- Replace network cable
- Replace the hard drive
- Rebuild the machine
- Restore file from backup

Answer: Rebuild the machine; Restore file from backup

(Restoring files alone does not remove the infection; the workstation is rebuilt from a known-good image and then the important data is restored from a backup taken before the compromise.)

A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company's security policies? Check all that apply.
- Upload to a personal OneDrive
- Share directly via VPN
- Upload to a personal Google drive
- Upload to company secure cloud storage.

Answer: Share directly via VPN; Upload to company secure cloud storage.

Periodic mandatory security training courses can be given to employees in what way? Check all that apply.
- One-on-one interviews
- Short video
- Brief quiz
- Interoffice memos

Answer: Short video; Brief quiz

Once the scope of the incident is determined, the next step would be _____.
- containment
- documentation
- escalation
- remediation

Answer: containment
