Security Policies and Procedures Flashcards

1
Q

Which policy dictates how an organization manages certificates and certificate acceptance?

A. Certificate policy
B. Certificate access list
C. CA accreditation
D. CRL rule

A

A. A certificate policy dictates how an organization uses, manages, and validates certificates.

2
Q

You’re giving hypothetical examples during a required security training session when the
subject of certificates comes up. A member of the audience wants to know how a party is
verified as genuine. Which party in a transaction is responsible for verifying the identity of
a certificate holder?

A. Subscriber
B. Relying party
C. Third party
D. Omni registrar

A

C. A trusted third party (in a PKI, the certificate authority) verifies the subscriber's identity and assures the relying party that the subscriber is genuine.

3
Q

MTS is in the process of increasing security for all resources. The legacy method of
assigning rights to users as they're needed will no longer be accepted; from now on, all
rights to the network or a system must be obtained through group membership. Which of the
following groups is used to manage access in a network?

A. Security group
B. Single sign-on group
C. Resource sharing group
D. AD group

A

A. A security group is used to manage user access to a network or system.

4
Q

Which process inspects procedures and verifies that they’re working?

A. Audit
B. Business continuity plan
C. Security review
D. Group privilege management

A

A. An audit is used to inspect and test procedures within an organization to verify that those
procedures are working and up-to-date. The result of an audit is a report to management.

5
Q

Which ISO standard states: “Privileges should be allocated to individuals on a need-to-use
basis and on an event-by-event basis, i.e. the minimum requirement for their functional role
when needed”?

A. 27002
B. 27102
C. 20102
D. 20112

A

A. The ISO standard 27002 (which updates 17799) states: “Privileges should be allocated
to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum
requirement for their functional role when needed.”

6
Q

On a NetWare-based system, which account is equivalent to the administrator account
in Windows?

A. Auditor
B. Supervisor
C. Root
D. Master

A

B. The supervisor user in NetWare is equivalent to the administrator user in Windows.

7
Q

Which type of policy would govern whether employees can engage in practices such as
taking gifts from vendors?

A. Termination policy
B. Endowment policy
C. Ethics policy
D. Benefit policy

A

C. An ethics policy is the written policy governing accepted organizational ethics.

8
Q

Which of the following occurs under the security policy administered by a trusted
security domain?

A. Positive inspection
B. Confident poll
C. Voucher session
D. Trusted transaction

A

D. A trusted transaction occurs under the security policy administered by a trusted security
domain. Your organization may decide that it can serve as its own trusted security domain
and that it can also use third-party CAs, allowing for additional flexibility.

9
Q

A periodic security audit of which of the following can help determine whether
privilege-granting processes are appropriate and whether computer usage and escalation
processes are in place and working?

A. Event logs
B. User account and ldp settings
C. User access and rights review
D. System security log files

A

C. A periodic security audit of user access and rights can help determine whether
privilege-granting processes are appropriate and whether computer usage and escalation
processes are in place and working.

10
Q

Which Windows Firewall events are logged by default in Windows 7?

A. Dropped packets
B. Successful connections
C. Both dropped packets and successful connections
D. Neither dropped packets nor successful connections

A

D. By default, Windows Firewall in Windows 7 logs neither dropped packets nor successful
connections. Logging occurs only when one or both of these are turned on.
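
On Windows 7 the logging is switched on per profile from the firewall's advanced properties or with `netsh advfirewall set allprofiles logging droppedconnections enable` (and `allowedconnections enable`); the file is written to %systemroot%\system32\LogFiles\Firewall\pfirewall.log. The log is W3C-style text whose columns are named in a `#Fields:` header. The parser below is an added example and not part of the original flashcards: it reads the column names from that header instead of hardcoding positions, counts drops per source address, flags sources that were blocked on several distinct destination ports, and reports an empty log as a likely "logging disabled" condition rather than a quiet host. The header line is the format Windows writes; the five records are constructed for this example.

```python
"""Summarise a Windows Firewall log (pfirewall.log). Added example; records are constructed."""
from collections import Counter

# Constructed sample: header as Windows writes it, records invented for the example.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2013-01-10 10:02:01 DROP TCP 192.168.1.5 192.168.1.10 49152 445 52 S 123456789 0 8192 - - - RECEIVE
2013-01-10 10:02:02 DROP TCP 192.168.1.5 192.168.1.10 49153 139 52 S 123456790 0 8192 - - - RECEIVE
2013-01-10 10:02:02 DROP TCP 192.168.1.5 192.168.1.10 49154 3389 52 S 123456791 0 8192 - - - RECEIVE
2013-01-10 10:02:05 ALLOW TCP 192.168.1.10 10.0.0.8 49200 443 0 - 0 0 0 - - - SEND
2013-01-10 10:02:07 DROP UDP 192.168.1.77 192.168.1.10 137 137 78 - - - - - - - RECEIVE
"""


def parse_firewall_log(text):
    """Yield one dict per record, keyed by the column names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("record seen before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            # Truncated or malformed line: skip it rather than misalign columns.
            continue
        yield dict(zip(fields, values))


def summarize(text, sweep_threshold=3):
    """Count allowed/dropped records, drops per source, and sources probing many ports."""
    records = list(parse_firewall_log(text))
    drops = [r for r in records if r["action"] == "DROP"]
    dropped_by_source = Counter(r["src-ip"] for r in drops)
    ports_per_source = {}
    for r in drops:
        ports_per_source.setdefault(r["src-ip"], set()).add((r["protocol"], r["dst-port"]))
    sweeps = sorted(src for src, ports in ports_per_source.items() if len(ports) >= sweep_threshold)
    return {
        "total": len(records),
        "allowed": sum(1 for r in records if r["action"] == "ALLOW"),
        "dropped": len(drops),
        "dropped_by_source": dict(dropped_by_source),
        "possible_port_sweeps": sweeps,
        # No records at all usually means logging is off (the Windows 7 default), not a quiet host.
        "log_empty": not records,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Because the parser keys every record by the names in the header, it keeps working if a later Windows version reorders or adds columns, as long as the `#Fields:` line is present; a file with only header lines comes back with `log_empty` set, which is the condition to check first before concluding that nothing was blocked.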

11
Q

Which audits help ensure that procedures and communications methods are working
properly in the event of a problem or issue?

A. Communication
B. Escalation
C. Selection
D. Preference

A

B. Escalation audits help ensure that procedures and communications methods are working
properly in the event of a problem or issue.

12
Q

Most CAs require what to define certificate issue processes, record keeping, and subscribers’
legal acceptance of terms?

A. CPS
B. DAC
C. SRC
D. GPM

A

A. Most CAs require a Certification Practice Statement (CPS), which defines certificate
issuance processes, record keeping, and subscribers' legal acceptance of the terms of the CPS.

13
Q

Which of the following is one of the most common certificates in use today?

A. X.733
B. X.50
C. X.509
D. X.500

A

C. One of the most common certificates in use today is the X.509 certificate. The X.509 standard
defines the certificate format: subject and issuer names, the subject's public key, a validity
period, and the CA's signature binding the key to the identity, which is what makes the
certificate usable for authentication and encryption.

14
Q

People in an organization can withhold classified or sensitive information from others in
the company when governed by what type of policy?

A. Nondisclosure
B. Suppression
C. Need-to-know
D. Revelation

A

C. People in an organization can withhold classified or sensitive information from others in
the company when governed by need-to-know policies.

15
Q

The process of establishing boundaries for information sharing is called:

A. Disassociation
B. Compartmentalization
C. Isolation
D. Segregation

A

B. The process of establishing boundaries for information sharing is called
compartmentalization.

16
Q

Which policies define how individuals are brought into an organization?

A. Service policies
B. Continuity policies
C. Pay policies
D. Hiring policies

A

D. Hiring policies define how individuals are brought into an organization. They also
establish the process used to screen prospective employees for openings.

17
Q

A policy of mandatory vacations should be implemented in order to assist in:

A. The prevention of fraud
B. Identifying employees no longer needed
C. Reducing insurance expenses
D. Enforcing privilege management

A

A. A policy of mandatory vacations should be implemented in order to assist in the
prevention of fraud.

18
Q

On a Linux-based system, which account is equivalent to the administrator account
in Windows?

A. Auditor
B. Supervisor
C. Root
D. Master

A

C. The root user in Linux is equivalent to the administrator user in Windows.

19
Q

Which of the following is the basic premise of least privilege?

A. Always assign responsibilities to the administrator who has the minimum
permissions required.
B. When assigning permissions, give users only the permissions they need to do their
work and no more.
C. Regularly review user permissions and take away one that they currently have to see if
they will complain or even notice that it is missing.
D. Do not give management more permissions than users.

A

B. The basic premise of least privilege is: When assigning permissions, give users only the
permissions they need to do their work and no more.

20
Q

Which policy defines what constitutes sensitive data and applies protection to it?

A. Classification
B. BCP
C. Data review
D. Data theft

A

A. A classification policy defines what constitutes sensitive data and applies protection to it
by assigning each class of data the handling controls it requires.