Module10 Risk Management
HealthCity Nursing Home is a newly opened hospital with many employees, doctors, nurses, and support staff. The upper management of the hospital wants to draft a security policy that outlines the guidelines, rules, restrictions, and consequences of violations, all of which help minimize the risk involved in allowing restricted access to some users. The doctors who have access to protected patient information must be informed what they can and can't do with that patient data and what special precautions they must take to protect patients' privacy. Certain checks and balances must also be maintained and defined in the policy measures in detail. Which of the following security policies should be used in this scenario?
A PUA (privileged user agreement)
Chelsea is a hacker who befriends Adele McCain over lunch at the cafeteria. Adele is the senior associate of Spandangle Ltd., a private law firm based in Alabama. Chelsea manages to successfully guess Adele's password to a sensitive database in the law firm. What kind of password attack did she use?
A brute-force attack
An organization hires you to handle the security policies of the organization. In order to protect the organization's network from data breaches and potential hacks, you decide to draft a policy that will require the employees of the organization to adhere to a certain set of rules while accessing the network's resources. To ensure that these rules are followed without fail, you decide to impose certain penalties for situations where violations may occur. Which of the following will help you achieve these standards?
AUP
Youhan has been placed as the security in charge of an organization. Which of the following should he use to monitor the movement and condition of equipment, inventory, and people?
Asset tags
Which of the following devices scans an individual's unique physical characters such as iris color patterns to verify the person's identity?
Biometrics
Which type of DoS attack orchestrates an attack bounced off uninfected computers?
DRDoS attack
Game Zone is a well-known games park located in Manhattan that allows gamers to engage in multiplayer competitions. The competitions function smoothly on the opening day, but on the following days, there are multiple instances of the computers getting disconnected temporarily from the wireless network. These connections however function normally when they are reconnected. Which type of attack is this most likely to be?
Deauth attack
What type of attack relies on spoofing?
Deauth attack
A former employee discovers six months after he starts work at a new company that his account credentials still give him access to his old company's servers. He demonstrates his access to several friends to brag about his cleverness and talk badly about the company. What kind of attack is this?
Insider threat
Leading up to the year 2000, many people expected computer systems the world over to fail when clocks turned the date to January 1, 2000. What type of threat was this?
Logic bomb
A company wants to have its employees sign a document that details some project-related information that should not be discussed outside the project's team members. What type of document should they use?
NDA
You, as a network engineer, want to have an insight into your network's weaknesses that need attention. You want to search for devices with open ports indicating which insecure service might be used to craft an attack and identify unencrypted sensitive data. Which of the following scanning tools will you use in this scenario?
Nessus
You are working as a network administrator, and you want to conduct simulated attacks on a network to determine its weaknesses. To do so, you want to check for open ports so that you can remote in using that port and craft an attack. Which of the following software will you use to scan for open ports in this scenario?
Nmap
Which of these DoS (denial-of-service) attacks damages a device's firmware beyond repair?
PDoS
A company accidentally sends a newsletter with a mistyped website address. The address points to a website that has been spoofed by hackers to collect information from people who make the same typo. What kind of attack is this?
Phishing
Bryden is a network analyst who has been recruited into Big Bay Burger's security management. Which of the following terminologies must he use to explain to the company's employees about the possibility of someone using a deception in following them into a restricted area?
Piggybacking
Your organization has just approved a special budget for a network security upgrade. What procedure should you conduct to develop your recommendations for the upgrade priorities?
Posture assessment
Which of the following attack simulations detect vulnerabilities and attempt to exploit them? Choose two.
Red team-blue team exercise and Pen testing
Which of the following versions is the most recent iteration of SHA (Secure Hash Algorithm), which was developed by private designers for a public competition in 2012?
SHA-3
Which of the following is considered a secure protocol?
SSH
Which of the following anti-malware software will slow down your network performance considerably?
Server-based
The managing director of Seviicco Laminates wants to secure certain financial documents that can only be accessed by him and the finance team of the organization. He wants to install a sophisticated authentication process so that the documents are extremely safe. You have been contracted as a network analyst for this project. After having an overview of the office premises, you decide to provide this security via a specific barcode that will be used as a key to access the documents. Which of the following access control technologies will you install in this scenario?
Smart locker
You need to securely store handheld radios for your network technicians to take with them when they're troubleshooting problems around your campus network. What's the best way to store these radios so all your techs can get to them and so you can track who has the radios?
Smart locker
Hammond Industries has appointed Gavin as the network administrator to set up a complete secured and flawless network throughout the office premises. One of the employees has come to him to fix an error message that keeps popping up every time he tries to open the web browser. He also states that this error started popping up after the external hard drive had been used to transfer some of the necessary documents to the HR's office. Analyze what kind of malware might possibly be behind this error.
Virus
Which of the following terms identifies the weakness of a system that could lead to compromised information or unauthorized access?
Vulnerability