Final Exam
In an accreditation process, who has the authority to approve a system for implementation?
Authorizing official (AO)
Which part of the C-I-A triad refers to making sure information is obtainable when needed?
Availability
Which security model does not protect the integrity of information?
Bell-LaPadula
What certification focuses on information systems audit, control, and security professionals?
Certified Information Systems Auditor (CISA)
Which principle of effective digital forensic investigations helps to ensure data in memory is not lost?
Consider data volatility
During which step of the incident-handling process is the goal to contain the incident?
Identification
Keisha is a network administrator. She wants a cloud-based service that will allow her to load operating systems on virtual machines and manage them as if they were local servers. What service is Keisha looking for?
Infrastructure as a Service (IaaS)
What is an example of a logical access control?
Password
The FAT32 and NTFS file systems are associated with which of the following?
Windows
Gary is troubleshooting a security issue on an Ethernet network. He would like to look at the relevant Ethernet standard. What publication should he seek out?
IEEE 802.3
What type of security monitoring tool would be most likely to identify an unauthorized change to a computer system?
System integrity monitoring
Which information security objective verifies the action to create an object or verifies an object's existence by an entity other than the creator?
Witnessing
Karen is a hacker. She wants to access a server and control it remotely. The tool she plans to use is a type of Trojan. What tool will Karen use for this purpose?
Remote Access Tool (RAT)
Wen is a network engineer. For several months, he has been designing a system of controls to allow and restrict access to network assets based on various methods and information. He is currently configuring the authentication method. What does this method do?
Verifies that requestors are who they claim to be
How many domains of knowledge are covered by the Certified Information Systems Security Professional (CISSP) exam?
8
In what area does the Internet Architecture Board (IAB) provide oversight on behalf of the Internet Engineering Task Force (IETF)?
Architecture for Internet protocols and procedures
Alice would like to send a message to Bob securely and wishes to use asymmetric encryption to encrypt the contents of the message. What key does she use to encrypt this message?
Bob's Public key
Which of the following is the point at which two error rates of a biometric system are equal and is the measure of the system's accuracy expressed as a percentage?
Crossover error rate (CER)
What program, released in 2013, is an example of ransomware?
CryptoLocker
Which type of password attack is used on weak passwords and compares a hashed value of the passwords to the system password file to find a match?
Dictionary attack
Which element is not a core component of the ISO 27002 standard?
Cryptography
Arturo is a network engineer. He wants to implement an access control system in which the owner of the resource decides who can change permissions, and permission levels can be granted to specific users, groups of people in the same or similar job roles, or by project. Which of the following should Arturo choose?
Discretionary access control (DAC)
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use?
Field theory
Lin works for a large financial institution. She has been asked to create a written information security program, which must state how the institution collects and uses customer data and must describe the controls used to protect that data. She is also in charge of running the program, conducting a risk assessment to identify risks to customer information, and assessing current safeguards to make sure they are effective, among other tasks. Which of the following is she trying to comply with?
GLBA Safeguards Rule
Devaki is a new compliance manager. She is reading about various regulations to determine which ones apply to her industry. What law applies specifically to consumer data that originates in Europe?
General Data Protection Regulation (GDPR)
Which of the following is not true of data backup options?
It is faster to create incremental weekday backups than differential backup
Which of the following is a digital forensics specialist least likely to need in-depth knowledge of?
Mainframes
When should an organization's managers have an opportunity to respond to the findings in an audit?
Managers have the opportunity to respond to a draft copy of the audit report. Auditors then put that response in the final report.
Alison retrieved data from a company database containing personal information on customers. When she looks at the Social Security number (SSN) field, she sees values that look like this: "XXX-XX-9142." What has happened to these records?
Masking
What is the average time a device will function before it fails?
Mean Time to Failure
During which step of the incident-handling process do you develop a formal communication plan and identify all key stakeholders?
Preparation
Marguerite is creating a budget for a software development project. What phase of the system life cycle is she undertaking?
Project initiation and planning
The chief executive officer (CEO) of a company recently fell victim to an attack. The attackers sent the CEO an email that appeared to come from the company's attorney. The email informed the CEO that his company was being sued and he needed to view a subpoena at a court website. When visiting the website, malicious code was downloaded onto the CEO's computer. What type of attack took place?
Spear Phishing
Susan is a digital forensic examiner. She is investigating a case in which a driver has been accused of vehicular homicide. She has the driver's mobile device and cellular records. What type of mobile device evidence is most likely to reveal whether the driver was actively using a mobile device when the incident occurred?
Texting
Which of the following is not true of contingency planning?
The mean time between failures (MTBF) is closely associated with the recovery time objectives (RTOs) of several integrated critical business functions (CBFs).
The Microsoft Security Baseline Analyzer is:
available free of charge.
Because __________, auditing every part of an organization and extending into all outsourcing partners may not be possible.
of resource constraints
What type of attack occurs in real time and is often conducted against a specific target?
Direct
What is a goal of vulnerability testing?
Documenting the lack of security control or misconfiguration
Susan performs a full backup of her server every Sunday at 1:00 a.m. and differential backups on Mondays through Fridays at 1:00 a.m. Her server fails at 9:00 a.m. on Wednesday. How many backups does Susan need to restore?
2
Which of the following principles is not a component of the Biba integrity model?
A subject may not ask for service from subjects that have a higher integrity level.
Devaki is evaluating different biometric systems. She understands that users might not want to subject themselves to retinal scans due to privacy concerns. Which concern of a biometric system is she considering?
Acceptability
By creating users, assigning those users to groups, and then applying groups to resources in the domain, the administrator sets up both authentication using the Active Directory Domain authentication policies, and builds a series of nested __________ to control the access to domain resources.
Access Control Lists
Mark is considering outsourcing security functions to a third-party service provider. What benefit is he most likely to achieve?
Access to a higher level of expertise
Jackson is a cybercriminal. He is attempting to keep groups of a company's high-level users from accessing their work network accounts by abusing a policy designed to protect employee accounts. Jackson attempts to log in to their work accounts repeatedly using false passwords. What security method is he taking advantage of?
Account lockout policies
Which of the following is the database that provides a centrally controlled and managed access and security management system for an organization's Windows computer systems?
Active Directory
Janette is the director of her company's network infrastructure group. She is explaining to the business owners the advantages and disadvantages of outsourcing network security. One consideration she presents is the question of who would be responsible for the data, media, and infrastructure. What consideration is she describing?
Adherence to policy
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature?
Alice's public key
Hajar is responsible for keeping her banking institution's servers operating 24/7/365. Her recovery strategy is to have fully redundant or duplicate operations and synchronized data and to operate the site continuously. Which strategy has she selected?
Alternate processing center or mirrored site
Mary is designing a software component that will function at the Presentation Layer of the Open Systems Interconnection (OSI) Reference Model. What other two layers of the model will her component need to interact with?
Application and Session
Jiang is pursuing a career in information security. He wants to eventually achieve the (ISC)² Certified Information Systems Security Professional (CISSP) certification but does not have the required experience. If he passes the CISSP exam now, which credential will Jiang get?
Associate of (ISC)²
Lin is creating a template for the configuration of Windows servers in her organization. The configuration includes the basic security settings that should apply to all systems. What type of document should she create?
Baseline
Tonya would like to protect her users and the network when users browse to known dangerous sites. She plans to maintain a list of those sites and drop messages from those websites. What type of approach is Tonya advocating?
Blacklisting
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller.
Botnets
Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certification would be most suitable for this purpose?
Certified Secure Software Lifecycle Professional (CSSLP)
A company's IT manager has advised the business's executives to use a method of decentralized access control rather than centralized to avoid creating a single point of failure. She selects a common protocol that hashes passwords with a one-time challenge number to defeat eavesdropping-based replay attacks. What is this protocol?
Challenge-Handshake Authentication Protocol (CHAP)
Jim is an experienced security professional who recently accepted a position in an organization that uses Check Point firewalls. What certification can Jim earn to demonstrate his ability to administer these devices?
Check Point Certified Security Administrator (CCSA)
Which cryptographic attack is relevant in only asymmetric key systems and hash functions?
Chosen ciphertext
Oscar is a network engineer. He is responsible for the networks and security protections, such as firewalls, in his local government agency. He is beginning a professional development journey and trying to determine an entry-level or associate-level security certification that is a good match with his current knowledge and skills. Which certification should he pursue?
Cisco Certified Network Associate (CCNA)
Rylie is a newly hired cybersecurity expert for a government agency. Rylie used to work in the private sector. She has discovered that, whereas private sector companies often had confusing hierarchies for data classification, the government's classifications are well known and standardized. As part of her training, she is researching data that requires special authorization beyond normal classification. What is this type of data called?
Compartmentalized
Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve?
Confidentiality
Which part of the C-I-A triad refers to preventing the disclosure of secure information to unauthorized individuals or systems?
Confidentiality
Which of the following should you avoid during a disaster and recovery?
Continue normal processes, such as separation of duties or spending limits
Donnelly is an IT specialist. He is in charge of the server and network appliances inventory. The infrastructure roadmap calls for a network systems reconfiguration in the next six months. Adina, the security expert, asks Donnelly to prepare a standardized list of all current and proposed equipment and then to present it to her in a hardware configuration chart. What does Adina tell Donnelly that the chart should include?
Copies of all software configurations for routers and switches
Larry recently viewed an auction listing on a website. As a result, his computer executed code that popped up a window that asked for his password. What type of attack has Larry likely encountered?
Cross-site scripting (XSS)
Alan withdraws cash from an ATM belonging to Bank X that is coming from his account with Bank Y. What is Alan's relationship with Bank Y?
Customer
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message?
Decryption
Which of the following provides IT and communications support to the White House, Secretary of Defense, and all military sectors that contribute to the defense of the United States of America?
Defense Information Systems Agency (DISA)
Which type of evidence helps explain other evidence and includes visual aids such as charts and graphs?
Demonstrative
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key?
Diffie-Hellman
What is not a symmetric encryption algorithm?
Diffie-Hellman
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity?
Digital signature
Which of the following is not true of U.S. Department of Defense/military Directive (DoDD) 8140?
DoDD 8140 certifications are unique and will not include commercial certifications.
Which type of evidence is stored in a computer's memory, as well as on storage devices as in files, and must be accompanied by documentation that validates the evidence's authenticity?
Documentary
Lin is conducting an audit of an identity management system. Which question is not likely to be in the scope of her audit?
Does the firewall properly block unsolicited network connection attempts?
Which term describes a process that requires an organization to preserve and not alter evidence that may be used in court? This process can help ensure that normal data-handling procedures do not contaminate or even delete data that may be needed for a case.
E-discovery
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
Enables a 30-day password change policy
Omar is an infrastructure security professional. After reviewing a set of professional ethics issued by his company, he is learning and adopting ethical boundaries in an attempt to demonstrate them to others. What is this called?
Encouraging the adoption of ethical guidelines and standards
Which of the following is not an objective of cryptanalysis, the process of breaking codes?
Encrypt the plaintext of a target message
Tonya is working with a team of subject matter experts to diagnose a problem with her system. The experts determine that the problem likely resides at the Transport Layer of the Open Systems Interconnection (OSI) model. Which functionality is the most likely suspect?
Encryption
Which organization creates information security standards that specifically apply within the European Union (EU)?
European Telecommunications Standards Institute (ETSI) Cyber Security Technical Committee (TC CYBER)
Biyu is a network administrator. She is developing the compliance aspect of her company's security policy. Currently, she is focused on the records of actions that the organization's operating system or application software creates. What aspect of compliance is Biyu focusing on?
Event Logs
An effective audit report gets right to the point and often begins with a summary followed by the details. Because the summary may find its way outside the organization's leadership, what should auditors take care not to do?
Expose security weaknesses
Antonio is responsible for tuning his organization's intrusion detection system. He notices that the system reports an intrusion alert each time that an administrator connects to a server using Secure Shell (SSH). What type of error is occurring?
False Positive error
Anya is a cybersecurity engineer for a high-secrecy government installation. She is configuring biometric security that will either admit or deny entry using facial recognition software. Biometric devices have error rates and certain types of accuracy errors that are more easily tolerated depending on need. In this circumstance, which error rate is she likely to allow to be relatively high?
False rejection rate (FRR)
Bob is preparing to dispose of magnetic media and wishes to destroy the data stored on it. Which method is not a good approach for destroying data?
Formatting
In the lab, you used the __________ to link the new password group policy object to the Active Directory domain for the virtual lab environment.
Group Policy Editor
In the lab, a variety of options for strengthening password policy were displayed in the:
Group Policy Management Editor.
In the lab, you created and saved a __________ showing the properties for the password object you created earlier in the lab.
Group Policy Object report
Which of the following tools enables a system administrator or security practitioner to set and enforce key security policies at the Active Directory Forest, Domain, and Organizational Unit level?
Group policy objects
What type of system is intentionally exposed to attackers in an attempt to lure them out?
Honeypot
What organization offers a variety of security certifications that are focused on the requirements of auditors?
ISACA
The Internet Engineering Task Force (IETF) works closely with the World Wide Web Consortium (W3C) and the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) focusing on which of the following?
ISO/IEC 27002
What is a set of concepts and policies for managing IT infrastructure, development, and operations? The information is published in a series of books, each covering a separate IT management topic.
IT Infrastructure Library (ITIL)
Tim is implementing a set of controls designed to ensure that financial reports, records, and data are accurately maintained. What information security goal(s) is Tim attempting to achieve?
Integrity
Which part of the C-I-A triad refers to maintaining and assuring the accuracy of data over its life-cycle?
Integrity
Which organization promotes technology issues as an agency of the United Nations?
International Telecommunication Union (ITU)
Rodrigo has just received an email at work from an unknown person. The sender claims to have incriminating evidence against Rodrigo and threatens to release it to his employer and his family unless he discloses certain confidential information about his employer's company. Rodrigo does not know that several other people in the organization received the same email. What form of social engineering has occurred?
Intimidation
Lin is a digital forensic specialist who works in a forensic lab. She is evaluating diagnostic forensic software to add to the lab's toolkit. She wants a tool that is open source that can also be used for penetration testing. Which tool should she choose?
Kali Linux
What is a single sign-on (SSO) approach that relies upon the use of key distribution centers (KDCs) and ticket-granting servers (TGSs)?
Kerberos
Alison is a security professional. A user reports that, after opening an email attachment, every document he saves is in a template format and other Microsoft Word documents will not open. After investigating the issue, Alison determines that the user's Microsoft Office normal.dot template has been damaged, as well as many Word files. What type of virus is the most likely cause?
Macro virus
Isabella is a digital forensic specialist. She wants to recover deleted data from a computer disk. The computer is currently running. Which process should she take to do so without accidentally overwriting any deleted data?
Make an image of memory, shut down the computer, attach the disk drive to a forensic lab device, and read the data from the disk
Isabella is an IT security manager for a state agency. The agency can survive for nine hours without a functioning data center. If the power goes out in her data center, Isabella estimates it will take six hours to move data center operations to an alternate site. Which of the following describes how long the agency can survive without a functioning data center?
Maximum tolerable downtime (MTD)
Which agreement type is typically less formal than other agreements and expresses areas of common interest?
Memorandum of understanding (MOU)
Which of the following tools can be used to ensure a newly installed system meets or exceeds the organization's baseline security standard prior to deployment and can also help enforce patch management and change control policies?
Microsoft Security Baseline Analyzer
Which of the following tools enables the security practitioner to discover vulnerabilities and patch-level deficiencies at the Windows host machine level?
Microsoft Security Baseline Analyzer
Which of the following is not true of mobile devices and forensics?
Mobile devices do not need to follow ordinary chain of custody techniques.
On a Windows network share, if the user can add, edit, and delete files and folders within the LabFiles folder, what type of access controls and permissions are probably configured?
Modify
Security controls place limits on activities that might pose a risk to an organization. Ricky, a security engineer for his company, is performing a review and measurement of all controls to capture changes to any environment component. What is this called?
Monitoring
What U.S. federal government agency is charged with the responsibility of creating information security standards and guidelines for use within the federal government and more broadly across industries?
National Institute of Standards and Technology (NIST)
Which type of authentication includes smart cards?
Ownership
Leola is a cybersecurity consultant hired by a company to test the effectiveness of its network's defenses. She has something in common with the malicious people who would perform the same tasks involved in _________________, except that, unlike Leola, they would not have consent to perform this action against the system.
Penetration testing
A computing device does not play which role in a crime?
Perpetrator
An automatic teller machine (ATM) uses a form of constrained user interface to limit the user's ability to access resources in the system. Specifically for ATMs, which method is being used?
Physically constrained user interfaces
Jermaine is a security administrator for his company. He is developing a defense against attacks based on network-mapping methods. He prevents the Internet Control Message Protocol (ICMP) from operating to stop attackers from using ping packets to discover the network layout, but he must also guard against operating system fingerprinting since many attacks are tailored to specific operating systems. What must Jermaine be concerned about?
Port Mapping
Christopher is designing a security policy for his mid-size company. He would like to use an approach that allows a reasonable list of activities but prohibits all other activities. Which level of permission is he planning to use?
Prudent
What is the least likely goal of an information security awareness program?
Punish users who violate policy
Which approach to cryptography uses highly parallel algorithms that could solve problems in a fraction of the time needed by conventional computers?
Quantum cryptography
Which data source comes first in the order of volatility when conducting a forensic investigation?
Random access memory (RAM)
Which type of evidence is any physical object that you can touch or otherwise directly observe, such as a hard drive?
Real
Arturo is an IT manager for a school district. He is planning recovery options for a small data center that supports teacher and classroom activities for 5 of the 21 schools in his district. Many school districts in his state use similar classroom technology. Arturo is looking for a temporary alternate site that would be easy to cut over to and is affordable. Which option is most likely to fit Arturo's needs?
Reciprocal agreement with another school district
During which step of the incident-handling process should a lessons-learned review of the incident be conducted?
Recovery and follow-up
What is the correct order of change control procedures regarding changes to systems and networks?
Request, impact assessment, approval, build/test, implement, monitor
Lincoln is a network security specialist. He is updating the password policy for his company's computing infrastructure. His primary method of improving password policy involves lowering the chance that an attacker can compromise and use the password before it expires. What does he do?
Requires all passwords to contain at least eight alphanumeric characters
During which step of the incident-handling process does triage take place?
Response
During which step of the incident-handling process is the goal to contain the incident?
Response
Which of the following is not one of the rights afforded to students (or the parents of a minor student) under the Family Educational Rights and Privacy Act (FERPA)?
Right to delete unwanted information from records
Aditya is a network technician. He is collecting system data for an upcoming internal system audit. He is currently performing vulnerability testing to determine what weaknesses may exist in the network's security. What form of assessment is he conducting?
Security Testing
Isaac is responsible for performing log reviews for his organization in an attempt to identify security issues. He has a massive amount of data to review. What type of tool would best assist him with this work?
Security information and event management (SIEM) system
Tomahawk Industries develops weapons control systems for the military. The company designed a system that requires two different officers to enter their access codes before allowing the system to engage. Which principle of security is this following?
Separation of Duties
Mia is her company's network security professional. She is developing access policies based on personnel security principles. As part of this effort, she is devising a method of taking high-security tasks and splitting them among several different employees so that no one person is responsible for knowing and performing the entire task. What practice is she developing?
Separation of duties
Hajar is a network engineer. She is creating a system of access involving clearance and classification based on users and the objects they need in a secure network. She is restricting access to secure objects by users based on least privilege and which of the following?
Separation of duties (wrong)
Emily is the information security director for a large company that handles sensitive personal information. She is hiring an auditor to conduct an assessment demonstrating that her firm is satisfying requirements regarding customer private data. What type of assessment should she request?
Service Organization Control (SOC) 3
Devaki is investigating an attack. An intruder managed to take over the identity of a user who was legitimately logged in to Devaki's company's website by manipulating Hypertext Transfer Protocol (HTTP) headers. Which type of attack likely took place?
Session Hijacking
What are bash and zsh?
Shells
Which intrusion detection system strategy relies on pattern matching?
Signature Detection
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered?
Slow virus
What is an example of two-factor authentication (2FA)?
Smart card and personal identification number (PIN)
Which attack method best describes a spam email campaign that targets the head of an organization?
Spear Phishing
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database?
Structured Query Language (SQL) injection
Joe is responsible for the security of the systems that control and monitor devices for a power plant. What type of system does Joe likely administer?
Supervisory Control and Data Acquisition (SCADA)
Which set of characteristics describes the Caesar cipher accurately?
Symmetric, stream, substitution
Which of the following is a type of denial of service (DoS) attack?
Synchronize (SYN) flood
Which type of virus targets computer hardware and software startup functions?
System infector
Which of the following is not true of hash functions?
The hashes produced by a specific hash function may vary in size.
Which of the following statements is true regarding guest users who require a higher degree of access?
These guest users can be issued local, self-signed certificates that expire on a specific date and limit the guest's access.
Aditya is attempting to classify information regarding a new project that his organization will undertake in secret. Which characteristic is not normally used to make these types of classification decisions?
Threat
Under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, covered entities may not use or disclose people's protected health information (PHI) without their written consent, although there are exceptions. Which of the following is generally not an allowed exception under the Privacy Rule?
To discuss a patient's medical status at a conference
What is the purpose of a disaster recovery plan (DRP)?
To enable an organization to make critical decisions ahead of time so personnel can manage and review decisions without the urgency of an actual disaster
Which of the following combines something you know (e.g. password) with something you are (e.g. fingerprint) or something you possess (e.g. USB stick) and can also employ a certificate system that adds a distinct third layer to the authentication process?
Two-factor authentication
Log files can help provide evidence of normal and abnormal system activity, as well as valuable information on how well security controls are doing their jobs. Regulation, policy, or log volume might dictate how much log information to keep. If a log file is subject to litigation, how long must a company keep it?
Until the case is over
Wen is a network security professional. He wants to strengthen the security of his agency's network infrastructure defenses. Which control can he use to protect the network?
Use Proxy services
What is the only unbreakable cipher when it is used properly?
Vernam
What tool might be used by an attacker during the reconnaissance phase of an attack to glean information about domain registrations?
Whois
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose?
Wi-Fi Protected Access version 3 (WPA3)
Marco is in a web development program. He is studying various web-related standards that apply to Cascading Style Sheets (CSS) and HyperText Markup Language (HTML). What authoritative source should he consult?
World Wide Web Consortium (W3C)
The ________ establishes that evidence was collected and handled using proper techniques and procedures, which is also a trusted method to determine the ________, or point of origin, of a piece of evidence.
chain of custody, provenance
Change control management should be focused on:
federal government laws and regulations.
Cherilyn is a security consultant hired by a company to develop its system auditing protocols. She and the company's chief information officer (CIO) agree that audits are an important consideration. In her report to the CIO and other C-level officers of the corporation, she recommends that the security policy include audit categories and ______________ for conducting audits.
frequency requirements
Much of the policy revealed in the "Password must meet complexity requirements" window:
ignores password security minimum requirements. (wrong)
Windows Group Policy can be used __________ to control access to many local computer and network resources such as drives, Internet access, kiosk mode, etc.
on either a local or domain level
The Microsoft Security Baseline Analyzer __________ scores the severity of each vulnerability and offers suggestions for addressing each of the vulnerabilities found.
report
The ___________ is the central part of a computing environment's hardware, software, and firmware that enforces access control.
security kernel
Which of the following tools is used to modify permissions on the TargetWindowsDC01 server to allow new users to use the remote desktop services?
the group policy object editor