Domain 6: Security

Sets expectations for user privacy when using company resources.

Acceptable Use Policy

Which of the following describes a Man-in-the-Middle attack?

An attacker intercepts communications between two network hosts by impersonating each host.

A mobile device has poor performance and is slow to respond to screen inputs. After troubleshooting, a technician decides to perform a factory reset. Which of the following actions should a technician take before doing so?

Back up all data to an attached computer or a cloud backup service.

An accountant needs to send an email with sensitive information to a client and wants to prevent someone from reading the email if it is intercepted in transit. The client's email system does not allow them to receive attachments due to their company security policies. Which of the following should the accountant use to send the email?

Cipher text

Identifies a set of rules or standards that define personal behaviors.

Code of Ethics

What is the surest way to prevent the loss of important information on your mobile device if it is lost, stolen, destroyed, or there is a natural disaster?

Configure your device to remotely back up important data to the Cloud.

Ted, an employee in the Sales department, has asked a coworker, Ann, in the Production department to update the product descriptions contained in a Sales document. Ann can open the file but, after making changes, can't save the file. Which of the following digital security methods is MOST likely preventing this?

Directory permission

Which digital communication medium consists of top-level posts with threads of response posts?

Discussion board

Maintaining confidentiality in the workplace is important for building and maintaining trust and for ensuring open and honest communication between customers, clients, and employees. Which of the following threatens data confidentiality?

Dumpster diving

Employees complain to the company IT division that they are spending considerable time and effort discarding unwanted junk email. Which of the following should be implemented?

Email filtering

You are configuring the local security policy of a Windows system. You want to prevent users from reusing old passwords. You also want to force them to use a new password for at least 5 days before changing it again. Which of the following policies are BEST to configure?

Enforce password history; Minimum password age

In which of the following situations should you expect total privacy?

Financial transactions

Which of the following is a common form of social engineering attack?

Hoax virus information emails.

You are the PC technician for a company. An employee has gone to a meeting while you fix the computer in her office. She accidentally left a report open next to her computer which states that a friend of yours in accounting will be submitted for review if their poor work performance continues. Which of the following is the BEST action to take?

Ignore the paper and tell no one of its contents.

You are configuring the local security policy of a Windows system. You want to require users to create passwords that are at least 10 characters long. You also want to prevent log on after three unsuccessful logon attempts. Which of the following policies are BEST to configure?

Minimum password length; Account lockout threshold

After entering a user ID and password, an online banking user must enter a PIN that was sent as a text message to the user's mobile phone. Which of the following digital security methods is being used?

Multifactor authentication

Your company has surveillance cameras in your office, uses strong authentication protocols, and requires biometric factors for access control. These are all examples of what principle?

Non-repudiation

Provides a high-level overview of the organization's security program.

Organizational Security Policy

Specifies that user accounts should be locked after a certain number of failed login attempts.

Password Policy

A user reports that her system is running slow when saving files. You determine that you will need to upgrade her hard disk. You identify the components that are required and schedule the repair for later that afternoon. Which of the following steps have you forgotten in your troubleshooting process?

Perform a backup.

A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred? (pretending to be a legitimate company to get sensitive information)

Phishing

A user has opened a web browser and accessed a website where they are creating an account. The registration page is asking the user for their username (email address) and a password. The user looks at the URL and the protocol being used is HTTP. Which of the following describes how the data will be transmitted from the webpage to the webserver?

Plain text

A technician walks into the office with a UPS. What sort of threat will this device prepare a system for?

Power outage

Your company has a disaster recovery plan that says the order to restore data is customer data, financial system, then email. This is an example of what?

Prioritization

You have configured your Windows systems to automatically back up user data every night at midnight. You also take a system image backup once a month. In addition, which of the following would MOST likely ensure that you are protected against data loss?

Regularly test restoration procedures. Store a copy of all backups off-site.

Which of the following will improve the security of sensitive information on your device if it is lost or stolen?

Remote wipe; Locator applications; A screen lock

Which of the following access controls gives only backup administrators access to all servers on the network?

Role-based

Which of the following is not a form of biometrics?

Smart card

You receive a call from a person who identifies himself as a technician at Microsoft. He says your computer is infected and needs to be cleaned. Which of the following is this phone call MOST likely an example of?

Social engineering

Unwanted, unsolicited emails containing advertisements, political rhetoric, hoaxes, or scams are collectively known as _________.

Spam

You are a security consultant and an organization has hired you to review their security measures. They are chiefly concerned that they could become the victim of a social engineering attack. Which of the following would you MOST likely recommend they do to mitigate the risk?

Teach users how to recognize and respond to social engineering attacks.

Which application makes sure your computer has the most recent versions of its system software?

Windows Update

You work for a large company as the IT administrator. With the many external attacks being perpetrated in the form of security breaches being found in applications, you are concerned that your Windows 10 computers may be vulnerable. You also want to ensure that Windows is using the latest features. Which of the following would BEST protect your computers?

Windows updates

A large number of compromised computers are infected with malware that allows an attacker (herder) to control them to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe?

Zombie/botnet

