Chapter 15 - Policies, Procedures, and People Flashcards

1
Q
Which method would you use if you were disposing hard drives as part of a company computer sale?
A. Destruction
B. Purging
C. Clearing
D. Formatting
A

B. Purging (or sanitizing) removes all the data from a hard drive so that it cannot be reconstructed by any known technique, which is the level of assurance needed when the drive leaves the organization's control. If a hard drive were destroyed, it wouldn't be of much value at a company computer sale. Clearing is the removal of data with a lesser amount of assurance (it defeats ordinary recovery tools but not laboratory techniques); this method is usually used when reusing the drive within the organization. Formatting is not nearly enough to actually remove data because it only rewrites file system structures and leaves data remanence, which can be used to reconstruct the files.

2
Q
Which of these governs the disclosure of financial data?
A. SOX
B. HIPAA
C. GLB
D. Top secret
A

A. SOX, or Sarbanes-Oxley, governs the disclosure of financial and accounting data by publicly traded companies. HIPAA governs the disclosure and protection of health information. GLB, or the Gramm-Leach-Bliley Act of 1999, enables commercial banks, investment banks, securities firms, and insurance companies to consolidate, and also imposes privacy rules on financial institutions. Top secret is a government data classification level, not a law.

3
Q

Jeff wants to employ a Faraday cage. What will this accomplish?
A. It will increase the level of wireless encryption.
B. It will reduce data emanations.
C. It will increase EMI.
D. It will decrease the level of wireless emanations.

A

B. The Faraday cage will reduce data emanations. The cage is essentially an enclosure (of which there are various types) of conducting material that blocks external electromagnetic fields and keeps internal ones from leaving the cage, thus reducing or eliminating data emanations from devices such as cell phones. It does nothing to wireless encryption, and it reduces rather than increases EMI.

4
Q
If a fire occurs in the server room, which device is the best method to put it out?
A. Class A extinguisher
B. Class B extinguisher
C. Class C extinguisher
D. Class D extinguisher
A

C. When you think Class C, think Copper. Extinguishers rated as Class C can suppress electrical fires, which are the most likely kind in a server room.

5
Q
What device will not work in a Faraday cage? (Select the best two answers.)
A. Cell phones
B. Computers
C. Pagers
D. TDR
A

A and C. Radio signals cannot pass into or out of a Faraday cage. Therefore cell phones and pagers, which depend on reaching an outside transmitter, will not work inside it. A computer and a TDR (time-domain reflectometer) need no external signal and operate normally inside the cage.

6
Q
You go out the back door of your building and noticed someone looking through your company’s trash. If this person were trying to acquire sensitive information, what would this attack be known as?
A. Browsing
B. Dumpster diving
C. Phishing
D. Hacking
A

B. Dumpster diving is when a person goes through a company's trash to find sensitive information about an individual or a company. Browsing is not an attack but something you do when connected to the Internet. Phishing is acquiring sensitive information fraudulently through electronic communication such as e-mail. Nowadays, hacking is a general term used for many different types of attacks.

7
Q
You are told by your manager to keep evidence for later use at a court proceeding.  Which of the following should you document?
A. Disaster recovery plan
B. Chain of custody
C. Key distribution center
D. Auditing
A

B. A chain of custody is the chronological documentation, or paper trail, that records who handled evidence, when, and why, from collection to presentation in court. A disaster recovery plan details how a company will recover from a disaster with such methods as backup data and alternate sites. A key distribution center is used with the Kerberos protocol. Auditing is the review of logs and other information to find out who did what action, and when and where.

8
Q
Which law protects your Social Security number and other pertinent information?
A. HIPAA
B. SOX
C. The National Security Agency
D. The Gramm-Leach-Bliley Act
A

D. The Gramm-Leach-Bliley Act requires financial institutions to protect customers' private information such as Social Security numbers. HIPAA deals with health information privacy. SOX, or the Sarbanes-Oxley Act of 2002, applies to publicly held companies and accounting firms and protects shareholders in the case of fraudulent practices. The National Security Agency is a government agency, not a law.

9
Q
User education can help to defend against which of the following? (Select the three best answers.)
A. Social engineering
B. Phishing
C. Rainbow Tables
D. Dumpster diving
A

A, B, and D. User education and awareness can help defend against social engineering attacks, phishing, and dumpster diving, because each of these relies on a person being tricked or careless. Rainbow tables are precomputed lookup tables used to reverse password hashes; that is a technical attack on stored hashes, and training users does nothing to stop it (salting and slow hash functions do).

10
Q

Which of these is an example of social engineering?
A. Asking for a username and password over the phone
B. Using someone else’s unsecured wireless network
C. Hacking into a router
D. Virus

A

A. Social engineering is the practice of obtaining confidential information by manipulating people, and asking for credentials over the phone is a classic example. Using someone else's network is simply theft of service. Hacking into a router is just that, hacking. And a virus is a self-replicating program that may or may not damage files and applications.

11
Q
What is the most common reason that social engineering succeeds?
A. Lack of vulnerability testing
B. People share passwords
C. Lack of auditing
D. Lack of user awareness
A

D. User awareness is extremely important when attempting to defend against social engineering attacks, because the attacker targets people rather than systems. Vulnerability testing and auditing are definitely important as part of a complete security plan, but they will not necessarily help defend against social engineering, and certainly not as much as user awareness training. People should not share passwords, but that is one symptom of low awareness rather than the root cause.

12
Q
Which of the following is not one of the steps of the incident response process?
A. Eradication
B. Recovery
C. Containment
D. Nonrepudiation
A

D. Nonrepudiation, although an important part of security (it is the property, usually provided by digital signatures, that a sender cannot deny having sent a message), is not a step of the incident response process. Eradication, containment, and recovery are all steps of the incident response process.

13
Q

In which two environments would social engineering attacks be most effective? (Select the two best answers.)
A. Public building with shared office space
B. Company with a dedicated IT staff
C. Locked building
D. Military facility
E. An organization whose IT personnel have little training

A

A and E. Public buildings, shared office space, and organizations whose employees have little training are all environments in which social engineering attacks are common and would be most successful. Social engineering will be less successful in locked buildings, in buildings with a strong level of security such as military facilities, and in organizations with dedicated and well-trained IT staff.

14
Q

Of the following definitions, which would be an example of eavesdropping?
A. Overhearing parts of a conversation
B. Monitoring network traffic
C. Another person looking through your files
D. A computer capturing information from a sender

A

A. Eavesdropping is when people listen in on a conversation that they are not part of. Monitoring network traffic is sniffing, looking through someone's files is snooping, and a computer capturing information from a sender is interception. A security administrator should keep in mind that someone could always be listening and should try to protect against this.

15
Q
Your company expects its employees to behave in a certain way. How could a description of this behavior be documented?
A. Chain of custody
B. Separation of duties
C. Code of ethics
D. Acceptable use policy
A

C. The code of ethics describes how a company wants its employees to behave. A chain of custody is a legal, chronological paper trail for evidence. Separation of duties means that more than one person is required to complete a sensitive task. An acceptable use policy is a set of rules that restrict how a network or a computer system may be used.

16
Q

You are a forensics investigator. What is the most important reason for you to verify the integrity of acquired data?
A. To ensure that the data has not been tampered with
B. To ensure that a virus cannot be copied to the target media
C. To ensure that the acquired data is up-to-date
D. To ensure that the source data will fit on the target media

A

A. Before analyzing any acquired data, you need to make sure that the data has not been tampered with, so you should verify the integrity of the acquired data before analysis. In practice this means computing a cryptographic hash of the acquired image and comparing it with the hash recorded at the time of acquisition; a mismatch means the evidence can no longer be trusted in court.
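The following Python script is an added example, not part of the original flashcards, that puts the answers to questions 7 (chain of custody) and 16 (verifying acquired data) into working code. The "disk image" bytes, the custodian names, and the record layout are constructed here for illustration; a real case would hash the actual image file and keep the log on a signed form or in a case management system.

```python
"""Forensic integrity check with a minimal chain-of-custody log (added example).

The evidence bytes below are a constructed stand-in for an acquired disk image,
so the script runs offline. Custodian names are hypothetical.
"""
import hashlib
from datetime import datetime, timezone

# Constructed sample image: a fake boot-sector prefix, filler, and a 0x55AA tail.
SAMPLE_IMAGE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + bytes(range(256)) * 4 + b"\x55\xaa"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the evidence. This is the value written on the acquisition
    form and compared against every time the image changes hands."""
    return hashlib.sha256(data).hexdigest()


def _entry(action: str, custodian: str, digest: str, verified: bool) -> dict:
    """One chain-of-custody line: who, when, what hash they observed, did it match."""
    return {
        "action": action,
        "custodian": custodian,
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "sha256": digest,
        "verified": verified,
    }


def acquire(image: bytes, custodian: str) -> dict:
    """Start the chain of custody. The hash taken at acquisition is the reference
    value every later check is measured against."""
    digest = sha256_hex(image)
    return {
        "acquisition_sha256": digest,
        "log": [_entry("acquired", custodian, digest, True)],
    }


def transfer(record: dict, to_custodian: str, image: bytes) -> bool:
    """Hand the evidence to a new custodian, who re-hashes it on receipt.
    The entry is appended whether or not the hash matches, so a break in the
    chain becomes part of the record instead of disappearing. Returns True if
    the received copy still matches the acquisition hash."""
    digest = sha256_hex(image)
    verified = digest == record["acquisition_sha256"]
    record["log"].append(_entry("transferred", to_custodian, digest, verified))
    return verified


def verify_before_analysis(record: dict, image: bytes) -> bool:
    """The check from question 16: the copy in hand must still hash to the
    acquisition value, and no custody entry may ever have recorded a mismatch."""
    current_ok = sha256_hex(image) == record["acquisition_sha256"]
    chain_ok = all(
        e["verified"] and e["sha256"] == record["acquisition_sha256"]
        for e in record["log"]
    )
    return current_ok and chain_ok


if __name__ == "__main__":
    rec = acquire(SAMPLE_IMAGE, "investigator-1")
    transfer(rec, "lab-analyst", SAMPLE_IMAGE)
    print("clean image verifies:", verify_before_analysis(rec, SAMPLE_IMAGE))

    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01  # flip a single bit somewhere in the image
    print("tampered image verifies:", verify_before_analysis(rec, bytes(tampered)))
    for line in rec["log"]:
        print(line["action"], line["custodian"], line["verified"], line["sha256"][:16])
```

Flipping one bit anywhere in the image changes the SHA-256 completely, so the tampered copy fails; and because a failed transfer is still logged, the chain stays broken even if a pristine copy turns up later, which is exactly what a court would want to see.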

17
Q
Of the following, which type of fire suppression can prevent damage to computers and servers?
A. Class A
B. Water
C. CO2
D. ABC extinguishers
A

C. CO2 is the best answer of those listed because it is a gas that leaves no residue, unlike water or the dry chemical in ABC extinguishers. CO2 displaces oxygen; fire needs oxygen, so without it the fire goes out (for the same reason, people must leave the room before a CO2 system discharges). The other options can all damage computers. However, because a CO2 discharge can cause thermal shock and ESD damage, the best solution in a server room would be a clean agent such as Halotron or FE-36.

18
Q
You are the security administrator for your organization. You have just identified a malware incident. Of the following, what should be your first response?
A. Containment
B. Removal
C. Recovery
D. Monitoring
A

A. Most organizations' incident response procedures specify that containment of the malware incident should come first, so that it cannot spread further. Next would be removal (eradication), then recovery of any damaged systems, and finally monitoring, which should actually be going on at all times.

19
Q
A man pretending to be a data communications repair technician enters your building and states that there is networking trouble and he needs access to the server room. What is this an example of?
A. Man-in-the-middle attack
B. Virus
C. Social engineering
D. Chain of custody
A

C. Any person pretending to be a data communications repair technician in order to be let into the server room is attempting a social engineering attack, specifically impersonation.

20
Q
Employees are asked to sign a document that describes the methods of accessing a company’s servers. Which of the following best describes this document?
A. Acceptable use policy
B. Chain of custody
C. Incident response
D. Privacy Act of 1974
A

A. Acceptable use (or usage) policies set forth the principles for using IT equipment such as computers, servers, and network devices. Employees are commonly asked to sign such a document, which becomes a binding agreement to adhere to the policy.

21
Q
One of the developers for your company asks you what he should do before making a change to the code of a program’s authentication.  Which of the following processes should you instruct him to follow?
A. Chain of custody
B. Incident response
C. Disclosure reporting
D. Change management
A

D. He should follow the change management process as dictated by your company's policies and procedures. This might include filing change request forms on paper or electronically, obtaining approval, and notifying the affected departments of the proposed changes before they are made. Authentication code in particular warrants review and a rollback plan before the change goes live.

22
Q
As a network administrator, one of your jobs is to deal with Internet service providers. You want to ensure that the provider guarantees end-to-end traffic performance. What is this known as?
A. SLA
B. VPN
C. DRP
D. WPA
A

A. An SLA, or service-level agreement, is the agreement between the Internet service provider and you that defines how much traffic you are allowed and what level of performance and availability you can expect. A VPN is a virtual private network. A DRP is a disaster recovery plan. And WPA is Wi-Fi Protected Access.

23
Q
Turnstiles, double entry doors, and security guards are all preventative measures for what kind of social engineering?
A. Dumpster diving
B. Impersonation
C. Piggybacking
D. Eavesdropping
A

C. Turnstiles, double entry doors, and security guards are all examples of preventive measures that attempt to defeat piggybacking (following an authorized person through a controlled door). Dumpster diving is when a person looks through a coworker's trash or a building's trash to retrieve information. Impersonation is when a person attempts to pass as someone else, possibly with that person's identification. Eavesdropping is when a person overhears another person's conversation.

24
Q
When it comes to security policies, what should HR personnel be trained in?
A. Maintenance
B. Monitoring
C. Guidelines and enforcement
D. Vulnerability assessment
A

C. Human resource personnel should be trained in guidelines and enforcement. A company’s standard operating procedures will usually have more information about this. However, a security administrator might need to train these employees in some areas of guidelines and enforcement.

25
Q
In a classified environment, clearance to top secret information that enables access to only certain pieces of information is known as what?
A. Separation of duties
B. Chain of custody
C. Nonrepudiation
D. Need to know
A

D. In classified environments, especially when accessing top secret information, a person can get access to only what they need to know.

26
Q
In addition to bribery and forgery, which of the following are the most common techniques that attackers used to socially engineer people? (Select the two best answers.)
A. Flattery
B. Assuming a position of authority
C. Dumpster diving
D. Whois search
A

A and C. The most common techniques that attackers use to socially engineer people include flattery, dumpster diving, bribery, and forgery. Although assuming a position of authority is an example of social engineering, it is not one of the most common. A WHOIS search is not necessarily malicious; it can be accomplished by anyone and can be done for legitimate reasons. This type of search can tell a person who runs a particular website or who owns a domain name.

27
Q
What is documentation that describes minimum expected behavior known as?
A. Need to know
B. Acceptable usage
C. Separation of duties
D. Code of ethics
A

D. A code of ethics is documentation that describes the minimum expected behavior of employees of a company or organization. Need to know deals with the categorizing of data and how much an individual can access. Acceptable usage defines how a user or group of users may use a server or other IT equipment. Separation of duties refers to a task that requires multiple people to complete.

28
Q

You are the security administrator for your company. You have been informed by human resources that one of the employees in accounting has been terminated. What should you do?
A. Delete the user account.
B. Speak to the employee’s supervisor about the person’s data.
C. Disable the user account.
D. Change the user’s password.

A

C. When an employee has been terminated, the employee's account should be disabled, and the employee's data should be retained for a period dictated by the company's policies and procedures. There is no need to speak to the employee's supervisor. It is important not to delete the user account because the company may need information relating to that account (files, mailbox, audit history) later on. Changing the user's password is not enough; disabling the account blocks all new logins while preserving everything attached to it.

29
Q
You need to protect your datacenter from unauthorized entry at all times.  Which is the best type of physical security to implement?
A. Mantrap
B. Video surveillance
C. Nightly security guards
D. 802.1X
A

A. Mantraps are the best solution listed; they are the closest to foolproof of the listed answers. Mantraps (if installed properly) are strong enough to keep a person inside until he completes the authentication process or is escorted off the premises. This is a type of preventive security control meant to stop tailgating and piggybacking. Video surveillance will not prevent an unauthorized person from entering your datacenter; it is a detective security control. Security guards are a good idea, but if they only work at night, they can't prevent unauthorized access at all times. 802.1X is an excellent authentication method, but it is logically implemented in software and network devices; it is not a physical security control.

30
Q
Which of the following targets specific people?
A. Pharming
B. Phishing
C. Vishing
D. Spear phishing
A

D. Spear phishing is a targeted attack unlike regular phishing, which usually works by contacting large groups of people. Pharming is when a website’s traffic is redirected to another, illegitimate, website. Vishing is the phone/VoIP version of phishing.

31
Q
Why would you implement password masking?
A. To deter tailgating
B. To deter shoulder surfing
C. To deter impersonation
D. To deter hoaxes
A

B. Password masking is when the characters a user types into a password field are replaced, usually by asterisks. This is done to prevent shoulder surfing. Tailgating is when an unauthorized person follows an authorized person into a secure area, without the second person’s consent. Impersonation is when a person masquerades as another authorized user. A hoax is an attempt at deceiving people into believing something that is false.

32
Q

Your organization already has a policy in place that bans flash drives. What other policy could you enact to reduce the possibility of data leakage?
A. Disallow the saving of data to a network share
B. Enforce that all work files have to be password protected
C. Disallow personal music devices
D. Allow unencrypted HSMs

A

C. By creating a policy that disallows personal music devices, you reduce the possibility of data leakage, because many personal music devices can store arbitrary data files, not just music. This can be a difficult policy to enforce since smartphones also play music and store data; that is when you need to configure your systems so that those devices cannot connect to the organization's computers or network. DLP devices would also help to prevent data leakage. Network shares are central to how an organization stores data; without them there would be chaos. If network shares are configured properly, there shouldn't be much risk of data leakage from them. Password protecting every work file would be hard to enforce, and the encryption used could very easily be subpar and easily cracked. HSMs are inherently encrypted; that is their purpose. Allowing an HSM would be a good thing, but there are no unencrypted HSMs.

33
Q
Which of the following requires special handling and policies for data retention and distribution?
A. Phishing
B. Personal electronic devices
C. SOX
D. PII
A

D. PII (personally identifiable information) must be handled and distributed carefully to prevent identity theft and fraud. Phishing is the attempt to obtain information fraudulently. Personal electronic devices should be protected and secured but do not themselves require retention and distribution policies. SOX (Sarbanes-Oxley) is an act that governs financial and accounting disclosures by publicly traded companies.

34
Q
A targeted e-mail attack is received by your organization’s CFO. What is this an example of?
A. Vishing
B. Phishing
C. Whaling
D. Spear phishing
A

C. Whaling is a type of spear phishing that targets senior executives such as CFOs. Regular phishing does not target anyone in particular, but instead tries to contact as many people as possible until an unsuspecting victim can be found. Vishing is the telephone-based version of phishing. Spear phishing targets specific individuals, but the term for targeting senior executives is whaling.

35
Q
One of the accounting people is forced to change roles with another accounting person every three months. What is this an example of?
A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties
A

B. Job rotation is when people switch jobs, usually within the same department. This is done to decrease the risk of fraud, since no one person holds a position long enough to conceal it. It is closely linked with separation of duties, which is when multiple people work together to complete a task; each person is given only a piece of the task to accomplish. Least privilege is when a process (or a person) is given only the bare minimum access needed to complete its function. Mandatory vacations are when an employee is forced to take a set number of consecutive days away from the office, so that someone else covers the role and irregularities can surface.

36
Q
Which of the following environmental variables reduces the possibility of static discharges (ESD)?
A. Humidity
B. Temperature
C. EMI
D. RFI
A

A. Humidity (if increased) can reduce the chance of static discharges, because moist air lets charge dissipate before it builds up. Temperature does not have an effect on static discharge (within reason). EMI and RFI are types of interference that in some cases could possibly increase the chance of static discharge.

37
Q
You have been ordered to implement a secure shredding system as well as privacy screens.  What two attacks is your organization attempting to mitigate?
A. Shoulder surfing
B. Impersonation
C. Phishing
D. Dumpster diving
E. Tailgating
A

A and D. The privacy screens are being implemented to prevent shoulder surfing. The secure shredding system is being implemented to mitigate dumpster diving. Impersonation is when an unauthorized person masquerades as a legitimate, authorized person. Phishing is when an attacker attempts to fraudulently obtain information through e-mail scams. Tailgating is when a person (without proper credentials) attempts to gain access to a restricted area by following someone else in.