Exploring Security Policies Flashcards

1
Q

Policies are brief ___ ____ statements that identify ____ based on an organization’s ______

A

Policies are brief HIGH LEVEL statements that identify GOALS based on an organization’s PRINCIPLES

2
Q

Personnel create ____ and _____ to implement security controls

A

Personnel create PLANS and PROCEDURES to implement security controls

3
Q

Logon banners or periodic emails help enforce what policy?

A

Acceptable Use Policy

4
Q

Separation of duties prevents?

A

Any single person from controlling all the functions of a critical or sensitive process by dividing tasks between employees. Helps to prevent fraud

5
Q

In Exit Interview policies, what should ideally occur before or during the interview? Why?

A

The account should be disabled, because there is a risk that after the interview they may be disgruntled and do something disruptive.

6
Q

Attacking a site to insert an ad, or posing as a fake advert agency to buy ads, are two techniques used for what?

A

Posting Malvertisements

7
Q

Restricting P2P is done in two ways. What are they and what’s the main risk of P2P applications?

A

1) Blocking on the firewall
2) Port scanning to detect open P2P ports
3) Main risk is data leakage from inadvertently sharing info

8
Q

What actions are carried out if an employee violates a policy?

A

Adverse Actions are taken.

9
Q

If you connect a computer to a switch and do protocol analysis to look at all traffic, what do you need to be aware of to ensure you get all the traffic?

A

The switch port needs to be mirrored, otherwise you will only see traffic for your machine and broadcast traffic - EVEN IN PROMISCUOUS MODE

10
Q

A no trespassing sign is an example of what kind of control? Prevention or Deterrent?

A

Deterrent

11
Q

Requiring users to enter Captcha information when registering for an account is an example of a detection or deterrent control?

A

A deterrent control as, according to the author, “it prevents bots from registering and proves this is a real person.”

12
Q

Regarding data labels, what would apply to secret company data - top secret or proprietary?

A

Proprietary. Top Secret is reserved for governmental agencies/data

13
Q

PII and what else need to be carefully handled and protected?

A

Personal electronic devices (BYOD) because they contain PII information

14
Q

A ____ test can test certain systems to confirm their operation at alternative sites

A

A PARALLEL test can test certain systems to confirm their operation at alternative sites. (term doesn’t exist in learning books, only in the practice test book)
