Security Policies and Procedures Flashcards
Which policy dictates how an organization manages certificates and certificate acceptance?
A. Certificate policy
B. Certificate access list
C. CA accreditation
D. CRL rule
A. A certificate policy dictates how an organization uses, manages, and validates certificates.
You’re giving hypothetical examples during a required security training session when the
subject of certificates comes up. A member of the audience wants to know how a party is
verified as genuine. Which party in a transaction is responsible for verifying the identity of
a certificate holder?
A. Subscriber
B. Relying party
C. Third party
D. Omni registrar
C. The third party is responsible for assuring the relying party that the subscriber is genuine.
MTS is in the process of increasing all security for all resources. No longer will the legacy
method of assigning rights to users as they’re needed be accepted. From now on, all rights
must be obtained for the network or system through group membership. Which of the following
groups is used to manage access in a network?
A. Security group
B. Single sign-on group
C. Resource sharing group
D. AD group
A. A security group is used to manage user access to a network or system.
Which process inspects procedures and verifies that they’re working?
A. Audit
B. Business continuity plan
C. Security review
D. Group privilege management
A. An audit is used to inspect and test procedures within an organization to verify that those
procedures are working and up-to-date. The result of an audit is a report to management.
Which ISO standard states: “Privileges should be allocated to individuals on a need-to-use
basis and on an event-by-event basis, i.e. the minimum requirement for their functional role
when needed”?
A. 27002
B. 27102
C. 20102
D. 20112
A. The ISO standard 27002 (which updates 17799) states: “Privileges should be allocated
to individuals on a need-to-use basis and on an event-by-event basis, i.e. the minimum
requirement for their functional role when needed.”
On a NetWare-based system, which account is equivalent to the administrator account
in Windows?
A. Auditor
B. Supervisor
C. Root
D. Master
B. The supervisor user in NetWare is equivalent to the administrator user in Windows.
Which type of policy would govern whether employees can engage in practices such as
taking gifts from vendors?
A. Termination policy
B. Endowment policy
C. Ethics policy
D. Benefit policy
C. An ethics policy is the written policy governing accepted organizational ethics.
Which of the following occurs under the security policy administered by a trusted
security domain?
A. Positive inspection
B. Confident poll
C. Voucher session
D. Trusted transaction
D. A trusted transaction occurs under the security policy administered by a trusted security
domain. Your organization may decide that it can serve as its own trusted security domain
and that it can use third-party CAs, thus allowing for additional flexibility.
A periodic security audit of which of the following can help determine whether privilege-granting
processes are appropriate and whether computer usage and escalation processes
are in place and working?
A. Event logs
B. User account and ldp settings
C. User access and rights review
D. System security log files
C. A periodic security audit of user access and rights review can help determine whether
privilege-granting processes are appropriate and whether computer usage and escalation
processes are in place and working.
Which Windows Firewall events are logged by default in Windows 7?
A. Dropped packets
B. Successful connections
C. Both dropped packets and successful connections
D. Neither dropped packets nor successful connections
D. By default, Windows Firewall in Windows 7 logs neither dropped packets nor successful
connections. Logging occurs only when one or both of these are turned on.
Which audits help ensure that procedures and communications methods are working
properly in the event of a problem or issue?
A. Communication
B. Escalation
C. Selection
D. Preference
B. Escalation audits help ensure that procedures and communications methods are working
properly in the event of a problem or issue.
Most CAs require what to define certificate issue processes, record keeping, and subscribers’
legal acceptance of terms?
A. CPS
B. DAC
C. SRC
D. GPM
A. Most CAs require a Certificate Practice Statement (CPS), which defines certificate issue
processes, record keeping, and subscribers’ legal acceptance of the terms of the CPS.
Which of the following is one of the most common certificates in use today?
A. X.733
B. X.50
C. X.509
D. X.500
C. One of the most common certificates in use today is the X.509 certificate. It includes
encryption, authentication, and a reasonable level of validity.
People in an organization can withhold classified or sensitive information from others in
the company when governed by what type of policy?
A. Nondisclosure
B. Suppression
C. Need-to-know
D. Revelation
C. People in an organization can withhold classified or sensitive information from others in
the company when governed by need-to-know policies.
The process of establishing boundaries for information sharing is called:
A. Disassociation
B. Compartmentalization
C. Isolation
D. Segregation
B. The process of establishing boundaries for information sharing is called
compartmentalization.