Security Program and Policies Ch 6
Which of the following regulations specifically stipulates that employees should be trained on password management? A. FERPA B. HIPAA C. DPPA D. FISMA
B. HIPAA
The Board of Directors has a presentation on the latest trends in security management. This is an example of which of the following programs? A. A security education program B. A security training program C. A security awareness program D. None of the above
A. A security education program
Which of the following elements would you expect to find in an acceptable use agreement? A. Handling standards B. A lunch and break schedule C. A job description D. An evacuation plan
A. Handling standards
Which of the following terms best describes the impact of security education? A. Long-term B. Short-term C. Intermediate D. Forever
A. Long-term
Companies have the legal right to perform which of the following activities? A. Monitor user Internet access from the workplace B. Place cameras in locker rooms where employees change clothes C. Conduct a search of an employee's home D. None of the above
A. Monitor user Internet access from the workplace
Which of the following statements best describes the purpose of completing Department of Homeland Security/U.S. Citizenship and Immigration Services Form I-9 and providing supporting documentation? A. The purpose is to establish identity and employment authorization. B. The purpose is to determine tax identification and withholding. C. The purpose is to document educational achievements. D. The purpose is to verify criminal records.
A. The purpose is to establish identity and employment authorization.
Which of the following statements best describes the reason for conducting background checks? A. To verify the truthfulness, reliability, and trustworthiness of the applicant B. To find out if the applicant ever got in trouble in high school C. To find out if the applicant has a significant other D. To verify the applicant's hobbies, number of children, and type of house
A. To verify the truthfulness, reliability, and trustworthiness of the applicant
After a new employee's retention period has expired, completed paper employment applications should be ___________. A. cross-cut shredded B. recycled C. put in the trash D. stored indefinitely
A. cross-cut shredded
Data submitted by potential candidates must be ____________. A. protected as required by applicable law and organizational policy B. not protected unless the candidate is hired C. stored only in paper form D. publicly accessible
A. protected as required by applicable law and organizational policy
A network engineer attends a one-week hands-on course on firewall configuration and maintenance. This is an example of which of the following programs? A. A security education program B. A security training program C. A security awareness program D. None of the above
B. A security training program
Intruders might find job posting information useful for which of the following attacks? A. A distributed denial of service attack (DDoS) attack B. A social engineering attack C. A man-in-the-middle attack D. An SQL injection attack
B. A social engineering attack
Which of the following statements best describes when acceptable use agreements should be reviewed, updated, and distributed? A. Acceptable use agreements should be reviewed, updated, and distributed only when there are organizational changes. B. Acceptable use agreements should be reviewed, updated, and distributed annually. C. Acceptable use agreements should be reviewed, updated, and distributed only during the merger and acquisition due diligence phase. D. Acceptable use agreements should be reviewed, updated, and distributed at the discretion of senior management.
B. Acceptable use agreements should be reviewed, updated, and distributed annually.
Under the Fair Credit Reporting Act (FCRA), which of the following statements is true? A. Employers cannot request a copy of an employee's credit report under any circumstances. B. Employers must get the candidate's consent to request a credit report. C. Employers cannot use credit information to deny a job. D. Employers are required to conduct credit checks on all applicants.
B. Employers must get the candidate's consent to request a credit report.
Social media profiles often include gender, race, and religious affiliation. Which of the following statements best describes how this information should be used in the hiring process? A. Gender, race, and religious affiliation can legally be used in making hiring decisions. B. Gender, race, and religious affiliation cannot legally be used in making hiring decisions. C. Gender, race, and religious affiliation are useful in making hiring decisions. D. Gender, race, and religious affiliation listed in social media profiles should not be relied upon as they may be false.
B. Gender, race, and religious affiliation cannot legally be used in making hiring decisions.
During the course of an interview, a job candidate should be given a tour of which of the following locations? A. The entire facility B. Public areas only (unless otherwise authorized) C. The server room D. The wiring closet
B. Public areas only (unless otherwise authorized)
Which of the following terms best describes the SETA acronym? A. Security Education Teaches Awareness B. Security Education Training Awareness C. Security Education Teaches Acceptance D. Security Education Training Acceptance
B. Security Education Training Awareness
Network administrators and help desk personnel often have elevated privileges. They are examples of which of the following roles? A. The information owners B. The information custodians C. The information authors D. The information sellers
B. The information custodians
The permissions and access rights a user is granted should match their role and responsibilities. Who is responsible for defining to whom access should be granted? A. The information user B. The information owner C. The information custodian D. The information author
B. The information owner
Studies often cite ____________ as the weakest link in information security. A. policies B. people C. technology D. regulations
B. people
Posters are placed throughout the workplace reminding users to log off when leaving their workstations unattended. This is an example of which of the following programs? A. A security education program B. A security training program C. A security awareness program D. None of the above
C. A security awareness program
Sanctions for policy violations should be included in which of the following documents? A. The employee handbook B. A confidentiality/non-disclosure agreement C. An acceptable use agreement D. All of the above
C. An acceptable use agreement
Which of the following statements best describes the background check criteria? A. Criteria should be the same for all prospective employees. B. Criteria should differ according to gender or ethnicity. C. Criteria should be specific to the job for which an applicant is applying. D. None of the above.
C. Criteria should be specific to the job for which an applicant is applying.
Candidate and employee NPPI must be protected. NPPI does not include which of the following? A. Social security number B. Credit card number C. Published telephone number D. Driver's license number
C. Published telephone number
At which of the following phases of the hiring process should personnel security practices begin? A. Interview B. Offer C. Recruitment D. Orientation
C. Recruitment
Best practices dictate that employment applications should not ask prospective employees to provide which of the following information? A. Last grade completed B. Current address C. Social security number D. Email address
C. Social security number
A published job description for a web designer should not include which of the following? A. Job title B. Salary range C. Specifics about the web development tool the company is using D. Company location
C. Specifics about the web development tool the company is using
Which of the following statements is not true of confidentiality agreements? A. Confidentiality/non-disclosure agreements are legal protection against unauthorized use of information. B. Confidentiality/non-disclosure agreements are generally considered a condition of work. C. Confidentiality/non-disclosure agreements are legally binding contracts. D. Confidentiality agreements should only be required of top-level executives.
D. Confidentiality agreements should only be required of top-level executives.
Which of the following privacy regulations stipulates that schools must have written permission in order to release any information from a student's education record? A. Sarbanes-Oxley Act (SOX) B. HIPAA C. Gramm-Leach-Bliley Act (GLBA) D. FERPA
D. FERPA
Which of the following facts is an interviewer permitted to reveal to a job candidate? A. A detailed client list B. The home phone numbers of senior management C. The organization's security weaknesses D. The duties and responsibilities of the position
D. The duties and responsibilities of the position
Which of the following statements best describes the employee lifecycle? A. The employee lifecycle spans recruitment to career development. B. The employee lifecycle spans onboarding to orientation. C. The employee lifecycle spans user provision to termination. D. The employee lifecycle spans recruitment to termination.
D. The employee lifecycle spans recruitment to termination.
