Creating a Company Culture for Security
A strong password is a good step towards good security, but what else is recommended to secure authentication? A) Password rotation B) Strong encryption C) Vulnerability scanning D) 2-factor authentication
2-factor authentication
Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply. A) VPN connection B) Print customer information C) Audit access logs D) Least privilege
Audit access logs, Least privilege
Periodic mandatory security training courses can be given to employees in what way? Check all that apply. A) Interoffice memos B) One-on-one interviews C) Brief quiz D) Short Video
Brief quiz, Short video
What are some behaviors you should encourage in order to build a security-conscious culture? A) Checking website URLs when authenticating B) Shaming people who haven't done a good job of ensuring your company's security C) Asking security-related questions D) Locking your screen
Checking website URLs when authenticating, Asking security-related questions, Locking your screen
Beyond restoring normal operations and data, what else should be done during the recovery phase? A) Assign blame for the incident B) Take systems offline C) Correct the underlying root cause D) Update documentation
Correct the underlying root cause
What is the first step in performing a security risk assessment? A) Vulnerability scanning B) Logs analysis C) Penetration Testing D) Threat modeling
Threat modeling
___ is the practice of attempting to break into a system or network for the purpose of verification of systems in place. A) Network probing B) Vulnerability scanning C) Security assessment D) Penetration testing
Penetration testing
Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply. A) Desktop monitoring software B) Designated mailing list C) Bring your own device D) Posters promoting good security behavior
Designated mailing list, Posters promoting good security behavior
Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply. A) Qualys B) OpenVAS C) Wireshark D) Nessus
Qualys, OpenVAS, Nessus
What characteristics are used to assess the severity of found vulnerabilities? Check all that apply. A) Remotely exploitable or not B) Use of encryption or not C) Type of access granted D) Chance of exploitation
Remotely exploitable or not, Type of access granted, Chance of exploitation
The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply. A) Replace the hard drive B) Restore file from backup C) Rebuild the machine D) Replace network cable
Restore file from backup, Rebuild the machine
A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company's security policies? Check all that apply. A) Upload to a personal Google drive B) Share directly via VPN C) Upload to a personal OneDrive D) Upload to company secure cloud storage
Share directly via VPN, Upload to company secure cloud storage
What are some ways to combat against email phishing attacks for user passwords? Check all that apply. A) Spam filters B) User education C) Cloud email D) Virtual Private Network
Spam filters, User education
Security risk assessment starts with A) Outside attackers B) Attack impact C) Threat modeling D) Payment processing
Threat modeling
What risk are you exposing your organization to when you contract services from a third party? A) DDoS attacks B) Zero-day vulnerabilities C) Trusting the third party's security D) Man-in-the-middle attacks
Trusting the third party's security
A company wants to restrict access to sensitive data. Only those who have a "need to know" will have access to this data. Strong access controls need to be implemented. Which of these examples, that don't include user identification, are used for 2-factor authentication? Check all that apply. A) Smart card B) U2F token C) Common Access Card D) Password
U2F token, Password
Data handling policies usually forbid the storing of confidential information on which of these devices? Check all that apply. A) USB Sticks B) CD Drives C) Limited access file shares D) Encrypted portable hard drives
USB sticks, CD drives
Google provides free _____, which is a good starting point when assessing third-party vendors. A) Cloud storage B) Mobile phone services C) Vendor security assessment questionnaires D) Business apps
Vendor security assessment questionnaires
The very first step of handling an incident is _____ the incident. A) understanding B) detecting C) ignoring D) blaming
detecting
After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____. A) tested B) removed C) baselined D) backed up
tested