Chapter 3 - Security Policies And Standards Flashcards
Which type of policy is not optional and must be adhered to?
Standard
Which of the following are considered PII that must be secured at all times?
A. Postal code
B. Driver’s license number
C. City name
D. Social Security number
E. Street name
B. Driver’s license number
D. Social Security number
What is the first step in creating a security policy?
Obtain management approval and support
One of the network administrators in the office has been monitoring the proxy server logs and notices that Bob has visited some inappropriate web sites. What policy is this in violation of?
AUP
Acceptable use policy
The technical team is putting together the firewall solution and needs to know what type of traffic is permitted to pass through the firewall. What policy can the technical team use to find out what traffic is permitted to pass through the firewall?
Firewall policy
The network administrator is configuring the network and wants to put restrictions on user passwords such as the length of the password, password complexity, and password history. Where can the administrator find out what the values of those settings should be set to?
Password policy
Jeff is the network administrator for a law firm and has just purchased 20 new systems for the employees. Jeff has collected all of the old computers from the employees and has searched through the hard drives and deleted any DOC and XLS files before handing the computers over to the local school. What policy may Jeff be in violation of?
Secure disposal of equipment policy
Data classification labels are applied to _____________, while clearance levels are applied to _________________.
Information, employees
You are the data owner of a set of data that is considered sensitive to the organization. If this information is leaked to the public, it could cause damage to the organization. Which of the following classification labels would you assign the data?
A. Unclassified
B. Public
C. Low
D. Private
D. Private
Bob requires the capabilities to change the system time on the computers, but instead of adding Bob to the administrators group, you grant Bob the change system time right. What security principle is this an example of?
Least Privilege
Which of the following is a good reason to ensure all employees take vacation time each year?
A. To keep the employee refreshed and energized
B. To hold employees accountable for any suspicious activity
C. To keep the employee happy
D. To raise company morale
B. To hold employees accountable for any suspicious activity
Management is concerned that an employee may be able to hide fraudulent activity for long durations while working for the company. What would you recommend to help detect improper activity performed by employees?
Job rotation
A manager has just notified you that John, a longtime employee of the company, has been stealing money from the company and that representatives of management and HR are headed into a meeting with John to let him know he is being terminated. What should you do while they are in the meeting?
Disable the employee’s user accounts and access cards
Sue comes to you asking if it is okay if she downloads movies to her company laptop with a P2P program so that she can watch the movies while she is away on business. Which of the following is the best response?
A. Educate Sue on the fact that P2P programs are popular ways to spread viruses, so no, the company does not allow P2P software on its system.
B. Tell her no.
C. Tell her yes, as long as she does not watch the movies during work hours.
D. Tell her yes, as long as she places the downloaded movies on the server so that you can scan them for viruses.
A. Educate Sue on the fact that P2P programs are popular ways to spread viruses, so no, the company does not allow P2P software on its system.
What is the term used for when someone slips through an open door behind you after you have unlocked the door?
Tailgating