Exploring Security Policies

Question 1

Policies are brief ___ ____ statements that identify ____ based on an organization’s ______

Answer 1

Policies are brief HIGH LEVEL statements that identify GOALS based on an organization’s PRINCIPLES

Question 2

Personnel create ____ and _____ to implement security controls

Answer 2

Personnel create PLANS and PROCEDURES to implement security controls

Question 3

Logon banners or periodic emails help enforce what poicy?

Answer 3

Acceptable Use Policy

Question 4

Separation of duties prevents?

Answer 4

Any single person from controlling all the functions of a critical or sensitive process by dividing tasks between employees. Helps to prevent fraud

Question 5

In Exit Interview policies, what should ideally occur before or during the interview? Why?

Answer 5

The account should be disabled. Because there is a risk that after the interview they may be disgruntled and do something disruptive

Question 6

Attack a site and insert an ad or pose as a fake advert agency to buy ads are two techniques used to for what?

Answer 6

Posting Malvertizements

Question 7

Restricting P2P is done in two ways. What are they and what’s the main risk of P2P applications?

Answer 7

1) Blocking on the firewall
2) Port scanning to detect open P2P ports
3) Main risk is data leakage from inadvertently sharing info

Question 8

What actions are carried if an employee breaches a policy violation?

Answer 8

Adverse Actions are taken.

Question 9

If you connect a computer to a switch and do protocol analysis to look at all traffic, what do you need to be aware of to ensure you get all the traffic?

Answer 9

The switch port needs to be mirrored otherwise you will only see traffic for your machine and broadcast traffic - EVEN IN PROMISCUOUS MODE

Question 10

a no trespassing sign is an example of what kind of control? Prevention ro Deterrent?

Answer 10

Deterrent

Question 11

Requiring users to enter Captcha information when registering for an account is an example of a detection or deterrent control?

Answer 11

A deterrent control as, according to the author “it prevents bots from registering and proves this is a real person.

Question 12

regarding data labels, what would apply to secret company data - top secret or proprietary?

Answer 12

Proprietary. Top Secret is reserved for governmental agencies/data

Question 13

PII and what else need to be carefully handled and protected?

Answer 13

Personal electronic devices (BYOD) because they contain PII information

Question 14

A ____ test can test certain systems to confirm their operation at alternative sites

Answer 14

A PARALLEL test can test certain systems to confirm their operation at alternative sites. (term doesn’t exist in learning books, only in the practice test book)