Policies and Procedures

Question 1

what documented procedures determines the appropriate course of action if there is a security breach?

Answer 1

Security Procedures

Question 2

physical security, document security and network security are all covered in what Policy?

Answer 2

The Security Policy

Question 3

What might government agencies that work with confidential information require from you before granting a contract?

Answer 3

Your security certified by external auditors

Question 4

Which organization certifies the functionality of security products?

Answer 4

ICSA (Institute of Chartered Secretaries and Administrators)

Question 5

Recording equipment like cell phones shouldn’t be prohibited in a security policy, TRUE or FALSE?

Answer 5

FALSE

Question 6

ensuring that employees understand the implications of installing pirated software would be included in what policy?

Answer 6

Security Policy

Question 7

What do international export controls ensure a company does?

Answer 7

1) ensure a company follows all laws and regulations regarding the import/export of software

Question 8

What should a company do to ensure export controls aren’t violated?

Answer 8

Implement controls to ensure employees don’t accidentally violate them.

Question 9

At what two points should you inform users of the security policy?

Answer 9

1) When they join

2) When they connect to an application/service

Question 10

How should monitors be placed?

Answer 10

so that visitors or people looking through windows can’t see them. Use privacy screens if necessary

Question 11

how often should you review and audit network security?

Answer 11

at least once a year

Question 12

It’s ok to allow several users to share a network account to access a shared mailbox?

Answer 12

No. Assign each of their network accounts with the privileges to access the desired mailbox.

Question 13

guards should receive periodic training to make sure they can recognize a threat and take appropriate action - TRUE or FALSE?

Answer 13

TRUE

Question 14

What policy document would you refer an employee to if they inadvertently installed a wireless access point?

Answer 14

The acceptable usage policy

Question 15

what does a security procedure define?

Answer 15

how to respond to a security event that happens on your network

Question 16

What to do when someone has locked themselves out of their account.
How to properly install or remove software.
What to do if files on a server suddenly disappear.
actions to take if there is a physical emergency.
What to do when a network computer has a virus are all examples of what?

Answer 16

security procedures

Question 17

When security training system admins, what important piece of information should they know?

Answer 17

understand the correct ways to escalate

Question 18

What are the 3 countermeasures when it comes to dealing with data remanence (data remanence = residual data)

Answer 18

1) clearing
2) purging
3) destruction

Question 19

Special forensic techniques can recover cleared data? TRUE or FALSE

Answer 19

TRUE

Question 20

What countermeasure prevents data recovery even with advanced forensic techniques?

Answer 20

Purging/Sanitization

Question 21

List 4 types of data destruction techniques

Answer 21

1) Overwriting
2) Degaussing
3) Encryption
4) Physical Destruction

Question 22

What should security professionals research for destroying data on solid state drives?

Answer 22

Sanitization commands

Question 23

What destruction method could you use for cloud based informatoin?

Answer 23

Encryption

Question 24

List 6 types of motion detection

Answer 24

1) Infra-red - heat
2) Electromechanical - circuit break
3) Photoelectric
4) Acoustic detection (sensitive, watch for false alarms)
5) Wave motion - generates wave pattern
6) Capacitance - uses magnetic field

Question 25

What can help support a proper asset management plan and simplifies maintaining accurate records?

Answer 25

tagging assets

Question 26

What are the most important types of system updates?

Answer 26

Anti-malware updates

Question 27

List the 3 advantages of using a cloud based anti-malware service

Answer 27

1) they allow access to the latest malware data within minutes of the cloud antivirus learning about it
2) they eliminate the need to continually update your software
3) requires little processing power

Question 28

List 3 disadvantages of cloud based anti-malware

Answer 28

1) they can’t run in the background
2) they may only scan core files
3) internet connection dependant

Question 29

What 3 things do definition files/databases list?

Answer 29

1) Viruses and Types
2) Virus footprints
3) How to remove them

Question 30

What 3 things does the virus engine do?

Answer 30

1) runs virus scans
2) cleans the files
3) notifies people

Question 31

Scanning for viruses without a known definition is known as what?

Answer 31

Heuristic scanning

Question 32

What are the 3 key steps in updating anti-virus components?

Answer 32

1) upgrade the anti-virus software
2) update the definitions
3) perform scans

Question 33

What 3 scenarios would you perform an On-Demand Scan?

Answer 33

1) when you first install the anti-virus
2) when you upgrade the anti-virus software
3) when you suspect a virus outbreak
- NOTE-be sure you have the latest virus definitions before an on-demand scan

Question 34

What type of scan would you perform if a virus had totally taken control of your machine?

Answer 34

Emergency Scan

Question 35

What do you need to perform an emergency scan?

Answer 35

the anti-virus emergency boot disk

Question 36

What 6 steps should you take to fix an infected computer?

Answer 36

1) first scan all potentially affected internal and external disks
2) establish cleaning station and quarantine area
3) stop users using machines in infected area
4) remove external memory devices and scan on cleaning station
5) update virus definitions on computers still operational
6) do full scans on all computers in the office

Question 37

What do the Institute of Chartered Secretaries and Adminstrators do regarding security?

Answer 37

They certify the functionality of security products