SEC+ Revision Questions Security Policies and Standards Flashcards

1
Q
The primary purpose of security policies is to:

A. Establish legal grounds for prosecution
B. Improve IT service performance
C. Reduce the risk of security breaches
D. Ensure users are accountable for their actions

A

C. Reduce the risk of security breaches

2
Q
You have been tasked with creating a corporate security policy regarding smartphone usage for business purposes. What should you do first?

A. Issue smartphones to all employees.
B. Obtain support from management.
C. Get a legal opinion.
D. Create the first draft of the policy.

A

B. Obtain support from management.

3
Q
Christine is the server administrator for Contoso Corporation. Her manager provided step-by-step security policies outlining how servers should be configured to maximize security. Which type of security policy will Christine be implementing?

A. Mail server acceptable use policy
B. VPN server acceptable use policy
C. Procedural policy
D. File server acceptable use policy

A

C. Procedural policy

4
Q
Which of the following are examples of PII? (Choose two.)

A. Private IP address on an internal network
B. Mobile phone number
C. Digital certificate
D. Gender

A

B. Mobile phone number
C. Digital certificate

5
Q
After a lengthy interviewing process, your company hired a new payroll clerk named Stacey. Stacey will be using a web browser on a company computer at the office to access the payroll application on a public cloud provider web site over the Internet. Which type of document should Stacey read and sign?

A. Internet acceptable use policy
B. Password policy
C. Service level agreement
D. Remote access acceptable use policy

A

A. Internet acceptable use policy

6
Q
You are configuring a password policy for users in the Berlin office. Passwords must be changed every 60 days. You must ensure that user passwords cannot be changed more than once within the 60-day interval. What should you configure?

A. Minimum password age
B. Maximum password age
C. Password complexity
D. Password history

A

A. Minimum password age

7
Q
You have been hired as a consultant by a pharmaceutical company. The company is concerned that confidential drug research documents might be recovered from disposed hard disks. What should you recommend?

A. Format the hard drives.
B. Repartition the hard drives.
C. Freeze the hard drives.
D. Physically shred the hard drives.

A

D. Physically shred the hard drives.

8
Q
Acme Corporation is upgrading its network routers. The old routers will be sent to the head office before they are disposed of. What must be done to the routers prior to disposal to minimize security breaches?

A. Change the router privileged mode password.
B. Remove DNS server entries from the router configuration.
C. Set the router to factory default settings.
D. Format the router hard drive.

A

C. Set the router to factory default settings.

9
Q
Your company has decided to adopt a public cloud device management solution where all devices are centrally managed from a website hosted on servers in a data center. Management has instructed you to ensure that the solution is reliable and always available. Which type of document should you focus on?

A. Password policy
B. Service level agreement
C. Remote access acceptable use policy
D. Mobile device acceptable use policy

A

B. Service level agreement

10
Q
Which of the following best embodies the concept of least privilege?

A. Detecting inappropriate Internet use
B. Detecting malware running without elevated privileges
C. Assigning users full control permissions to network resources
D. Assigning needed permissions to enable users to complete a task

A

D. Assigning needed permissions to enable users to complete a task

11
Q
The creation of data security policies is most affected by which two factors? (Choose two.)

A. Industry regulations
B. IP addressing scheme being used
C. Operating system version being used
D. PII

A

D. PII

12
Q
As the network administrator for your company, you are creating a security policy such that devices connecting to the corporate VPN must have a trusted digital certificate installed. Which type of security policy are you creating?

A. Mobile device encryption policy
B. Accountability policy
C. Authentication policy
D. Remote access policy

A

D. Remote access policy

13
Q
You are reviewing surveillance camera footage after items have gone missing from your company’s office in the evenings. On the video you notice an unidentified person entering the building’s main entrance behind an employee who unlocked the door with their swipe card. What type of security breach is this?

A. Tailgating
B. Mantrapping
C. Horseback riding
D. Door jamming

A

A. Tailgating

14
Q
You receive the e-mail message shown here. What type of threat is this?

Dear valued Acme Bank customer,
Acme Bank will be updating web server banking software next week. To ensure continued access to your accounts, we ask that you go to http://www.acmebank.us./accounts and reset your password within the next 24 hours. We sincerely appreciate your business.
Acme Bank

A. Denial of service
B. Phishing attack
C. Zero-day exploit
D. Ping of death

A

B. Phishing attack

15
Q
You are testing your router configuration and discover a security vulnerability. After searching the Internet, you realize that this vulnerability is unknown. Which type of attack is your router vulnerable to?

A. Denial of service
B. Phishing attack
C. Zero-day exploit
D. Ping of death

A

C. Zero-day exploit

16
Q
Which of the following options best describe proper usage of PII? (Choose two.)

A. Law enforcement tracking an Internet offender using a public IP address
B. Distributing an e-mail contact list to marketing firms
C. Logging into a secured laptop using a fingerprint scanner
D. Due diligence

A

A. Law enforcement tracking an Internet offender using a public IP address
C. Logging into a secured laptop using a fingerprint scanner

17
Q
Your company restricts firewall administrators from modifying firewall logs. Only IT security personnel are allowed to do this. What is this an example of?

A. Due care
B. Separation of duties
C. Principle of least privilege
D. Acceptable use

A

B. Separation of duties

18
Q
You are the network administrator for a legal firm. Users in Melbourne must be able to view trade secrets for patent submission. You share a network folder called Trade Secrets and allow the following NTFS permissions:

Melbourne Staff: Read, List Folder Contents
Executives: Write
IT Admins: Full Control

Regarding Melbourne employees, which principle is being adhered to?

A. Job rotation
B. Least privilege
C. Mandatory vacations
D. Separation of duties

A

B. Least privilege

19
Q
Your local ISP provides a PDF file stating a 99.97 percent service availability for T1 connectivity to the Internet. How would you classify this type of documentation?

A. Top secret
B. Acceptable use policy
C. Service level agreement
D. Availability

A

C. Service level agreement

20
Q
The Accounts Payable department notices large out-of-country purchases made using a corporate credit card. After discussing the matter with Juan, the employee whose name is on the credit card, they realize somebody has illegally obtained the credit card details. You also learn that he recently received an e-mail from what appeared to be the credit card company asking him to sign in to their website to validate his account, which he did. How could this have been avoided?

A. Provide credit card holders with smart cards.
B. Tell users to increase the strength of online passwords.
C. Install a workstation-based firewall.
D. Provide security awareness training to employees.

A

D. Provide security awareness training to employees.

21
Q
Which of the following statements are true? (Choose two.)

A. Security labels are used for data classifications such as restricted and top secret.
B. PII is applicable only to biometric authentication devices.
C. Forcing user password changes is considered change management.
D. A person’s signature on a check is considered PII.

A

B. PII is applicable only to biometric authentication devices.
D. A person’s signature on a check is considered PII.

22
Q
Which of the following best illustrates potential security problems related to social networking sites?

A. Other users can easily see your IP address.
B. Talkative employees can expose a company’s intellectual property.
C. Malicious users can use your pictures for steganography.
D. Your credit card number is easily stolen.

A

B. Talkative employees can expose a company’s intellectual property.

23
Q
As the IT security officer, you establish a security policy requiring that users protect all paper documents so that sensitive client, vendor, or company data is not stolen. What type of policy is this?

A. Privacy
B. Acceptable use
C. Clean desk
D. Password

A

C. Clean desk

24
Q
What is the primary purpose of enforcing a mandatory vacation policy?

A. To adhere to government regulation
B. To ensure employees are refreshed
C. To allow other employees to experience other job roles
D. To prevent improper activity

A

D. To prevent improper activity

25
Q
What does a privacy policy protect?

A. Customer data
B. Trade secrets
C. Employee home directories
D. Firewall configurations

A

A. Customer data

26
Q
Which of the following statements about a security policy are true? (Choose two.)

A. Users must read and sign the security policy.
B. It guarantees a level of uptime for IT services.
C. It is composed of subdocuments.
D. Management approval must be obtained.

A

C. It is composed of subdocuments.
D. Management approval must be obtained.

27
Q
You are developing a security training outline for the Accounting department that will take place in the office. Which two items should not be included in the training? (Choose two.)

A. Firewall configuration
B. The Accounting department’s support of security initiatives
C. Physical security
D. Social engineering

A

A. Firewall configuration
B. The Accounting department’s support of security initiatives

28
Q
Choose the correct statement:

A. Users are assigned classification labels to access sensitive data.
B. Data is assigned clearance levels to access sensitive data.
C. Data is assigned clearance levels to protect sensitive data.
D. Users are assigned clearance levels to access sensitive data.

A

D. Users are assigned clearance levels to access sensitive data.

29
Q
You are a file server administrator for a health organization. Management has asked you to configure your servers to appropriately classify files containing patient medical history data. What is an appropriate data classification for these types of files? (Choose all that apply.)

A. High
B. Medium
C. Low
D. Private
E. Public
F. Confidential

A

A. High
D. Private
F. Confidential

30
Q
You are configuring a Wi-Fi network for a clothing retail outlet. In accordance with the Payment Card Industry (PCI) regulations for companies handling payment cards, you must ensure default passwords are changed on the wireless router. This is best described as:

A. PCI policy
B. Compliance with security standards
C. User education and awareness
D. Wi-Fi policy

A

B. Compliance with security standards

31
Q
Your company provides a paper document shredder on each floor of a building. What security issue does this address?

A. Data handling
B. Clean desk policy
C. Tailgating
D. Mantrap

A

A. Data handling

32
Q
Your company’s BYOD policy pays a monthly stipend to employees who use their personal smartphones for work purposes. What type of app should the company ensure is installed and running on all BYOD smartphones?

A. Weather app
B. eBay app
C. PDF reader app
D. Antivirus app

A

D. Antivirus app

33
Q
What is the best defense against new viruses?

A. Keeping antivirus definitions up to date
B. Turning off the computer when not in use
C. Not connecting to Wi-Fi networks
D. Using digital certificates for authentication

A

A. Keeping antivirus definitions up to date

34
Q
You and your IT team have completed drafting security policies for e-mail acceptable use and remote access through the company VPN. Users currently use both e-mail and the VPN. What must be done next? (Choose two.)

A. Update VPN appliance firmware.
B. Provide security user awareness training.
C. Encrypt all user mail messages.
D. Mandate security awareness testing for users.

A

B. Provide security user awareness training.
D. Mandate security awareness testing for users.