Creating a Company Culture for Security


A strong password is a good step towards good security, but what else is recommended to secure authentication? A) Password rotation B) Strong encryption C) Vulnerability scanning D) 2-factor authentication

2-factor authentication

Your company wants to establish good privacy practices in the workplace so that employee and customer data is properly protected. Well-established and defined privacy policies are in place, but they also need to be enforced. What are some ways to enforce these privacy policies? Check all that apply. A) VPN connection B) Print customer information C) Audit access logs D) Least privilege

Audit access logs; Least privilege

Periodic mandatory security training courses can be given to employees in what way? Check all that apply. A) Interoffice memos B) One-on-one interviews C) Brief quiz D) Short Video

Brief quiz; Short Video

What are some behaviors you should encourage in order to build a security-conscious culture? A) Checking website URLs when authenticating B) Shaming people who haven't done a good job of ensuring your company's security C) Asking security-related questions D) Locking your screen

Checking website URLs when authenticating; Asking security-related questions; Locking your screen

Beyond restoring normal operations and data, what else should be done during the recovery phase? A) Assign blame for the incident B) Take systems offline C) Correct the underlying root cause D) Update documentation

Correct the underlying root cause

What is the first step in performing a security risk assessment? A) Vulnerability scanning B) Logs analysis C) Penetration Testing D) Threat modeling

Logs analysis

___ is the practice of attempting to break into a system or network for the purpose of verification of systems in place. A) Network probing B) Vulnerability scanning C) Security assessment D) Penetration testing

Penetration testing

Management wants to build a culture where employees keep security in mind. Employees should be able to access information freely and provide feedback or suggestions without worry. Which of these are great ideas for this type of culture? Check all that apply. A) Desktop monitoring software B) Designated mailing list C) Bring your own device D) Posters promoting good security behavior

Posters promoting good security behavior

Which of these are examples of security tools that can scan computer systems and networks for vulnerabilities? Check all that apply. A) Qualys B) OpenVAS C) Wireshark D) Nessus

Qualys; OpenVAS; Nessus

What characteristics are used to assess the severity of found vulnerabilities? Check all that apply. A) Remotely exploitable or not B) Use of encryption or not C) Type of access granted D) Chance of exploitation

Remotely exploitable or not; Chance of exploitation

The incident response team found malware on several user workstations. Trying to remove the malware infection is becoming time consuming. There is important data on the workstations. Which of these actions will recover the workstations back to a malware-free state? Check all that apply. A) Replace the hard drive B) Restore file from backup C) Rebuild the machine D) Replace network cable

Restore file from backup; Rebuild the machine

A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company's security policies? Check all that apply. A) Upload to a personal Google drive B) Share directly via VPN C) Upload to a personal OneDrive D) Upload to company secure cloud storage

Share directly via VPN; Upload to company secure cloud storage

What are some ways to combat email phishing attacks that target user passwords? Check all that apply. A) Spam filters B) User education C) Cloud email D) Virtual Private Network

Spam filters; User education

Security risk assessment starts with A) Outside attackers B) Attack impact C) Threat modeling D) Payment processing

Threat modeling

What risk are you exposing your organization to when you contract services from a third party? A) DDoS attacks B) Zero-day vulnerabilities C) Trusting the third party's security D) Man-in-the-middle attacks

Trusting the third party's security

A company wants to restrict access to sensitive data. Only those who have a "need to know" will have access to this data. Strong access controls need to be implemented. Which of these examples, that don't include user identification, are used for 2-factor authentication? Check all that apply. A) Smart card B) U2F token C) Common Access Card D) Password

U2F token; Password

Data handling policies usually forbid the storing of confidential information on which of these devices? Check all that apply. A) USB Sticks B) CD Drives C) Limited access file shares D) Encrypted portable hard drives

USB Sticks; CD drives

Google provides free _____, which is a good starting point when assessing third-party vendors. A) Cloud storage B) Mobile phone services C) Vendor security assessment questionnaires D) Business apps

Vendor security assessment questionnaires

The very first step of handling an incident is _____ the incident. A) understanding B) detecting C) ignoring D) blaming

detecting

After a known good backup has been restored and the known vulnerabilities have been closed, systems should be thoroughly _____. A) tested B) removed C) baselined D) backed up

tested

