Module 37 - Security Training - Q&A Flashcards
Which of the following is the most effective mitigation for security vulnerabilities involving people?
A. Firewall rules
B. Disciplinary action
C. Restricted access
D. Training
D. Training is the most effective mitigation for security vulnerabilities involving people.
Which of the following is likely not an effective training approach for routine users?
A. Holding formal briefings
B. Classroom training
C. Asking them to read a security book
D. Sending weekly security-oriented e-mails
C. Giving routine users a security book and having them read it is likely not an effective training approach.
Your manager wants you to develop a role-based approach to security training. Which of the following roles will likely need more advanced security training in theory and techniques?
A. Marketing user
B. Administrative assistant
C. Security auditor
D. Manufacturing supervisor
C. A security auditor will likely need more advanced security training in theory and techniques.
Which of the following should be briefed to all users in the organization?
A. Acceptable use policy
B. Data backup and restore procedures
C. User account creation procedures
D. Technical encryption standards
A. The organization’s acceptable use policy should be briefed to all users in the organization.
All of the following are considered personally identifiable information, except:
A. Date of birth
B. Work section assignment
C. Social Security number
D. Home address
B. An employee’s work section assignment is not normally considered personally identifiable information.
Which of the following represents a level of data criticality or sensitivity that does not require stringent protection methods?
A. Marketing blog
B. Manufacturing processes
C. Company financial data
D. Employee records
A. A public marketing blog does not typically require stringent protection methods.
Which of the following is not normally considered compliance governance regarding data protection, unless specifically mandated as such in organizational policy?
A. Gramm-Leach-Bliley
B. HIPAA
C. PCI standards
D. NIST standards
D. Because it only promulgates standards, NIST is not considered compliance governance regarding data protection, unless the organization specifically mandates it according to policy.
Which of the following policies is designed to ensure that sensitive documents and materials are not left unattended for unauthorized persons to potentially access?
A. Access control policy
B. Clean desk policy
C. Acceptable use policy
D. Data classification policy
B. A clean desk policy is designed to ensure that sensitive documents and materials are not left unattended for unauthorized persons to potentially access.
You’ve just received an e-mail alert from a trusted security site that informs you of a new widespread phishing attack. Which of the following should you do to help prevent this attack in your organization?
A. Configure the firewall to block inbound e-mails with the word “phishing” in the message content.
B. Configure all outbound e-mail to require digital encryption and signatures.
C. Inform users so that they will take care to avoid this type of e-mail attack.
D. Block all outbound HTTPS requests that have the word “phishing” in the URL.
C. You should inform your users so that they will take care to avoid this type of e-mail attack.
Which of the following is the most meaningful measure of security training effectiveness?
A. A decrease in the types of security incidents the training focuses on
B. Surveys that indicate employee satisfaction with the training
C. An increase in security incidents not covered by security training
D. A decrease in the number of employees who feel they require the training
A. A decrease in the types of security incidents the training focuses on is the most accurate indicator of security training effectiveness.