Chapter 11 Test Review

Transcript Chapter 11 Test Review

CHAPTER 11: EXPLORING
OPERATIONAL SECURITY
DR. MELANIE WISCOUNT, MCKINLEY TECHNOLOGY HIGH SCHOOL
A SECURITY MANAGER NEEDS TO IDENTIFY A POLICY THAT
WILL REDUCE THE RISK OF PERSONNEL WITHIN AN
ORGANIZATION COLLUDING TO EMBEZZLE COMPANY
FUNDS. WHICH OF THE FOLLOWING IS THE BEST CHOICE?
• AUP
• Training
• Mandatory vacations
• Time-of-day restrictions
A SECURITY AUDITOR DISCOVERED THAT SEVERAL EMPLOYEES IN THE ACCOUNTING
DEPARTMENT CAN PRINT AND SIGN CHECKS. IN HER FINAL REPORT, SHE
RECOMMENDED RESTRICTING THE NUMBER OF PEOPLE WHO CAN PRINT CHECKS AND
THE NUMBER OF PEOPLE WHO CAN SIGN THEM. SHE ALSO RECOMMENDED THAT NO
ONE SHOULD BE AUTHORIZED TO PRINT AND SIGN CHECKS. WHAT POLICY IS SHE
RECOMMENDING?
• Discretionary access control
• Rule-based access control
• Separation of duties
• Job rotation
YOUR ORGANIZATION INCLUDES A SOFTWARE DEVELOPMENT DIVISION WITHIN THE IT
DEPARTMENT. ONE DEVELOPER WRITES AND MAINTAINS APPLICATIONS FOR THE SALES
AND MARKETING DEPARTMENTS. A SECOND DEVELOPER WRITES AND MAINTAINS
APPLICATIONS FOR THE PAYROLL DEPARTMENT. ONCE A YEAR, THEY HAVE TO SWITCH
ROLES FOR AT LEAST A MONTH. WHAT IS THE PURPOSE OF THIS PRACTICE?
• To enforce a separation of duties policy
• To enforce a mandatory vacation policy
• To enforce a job rotation policy
• To enforce an acceptable use policy
A SECURITY MANAGER IS REVIEWING SECURITY POLICIES RELATED TO DATA LOSS.
WHICH OF THE FOLLOWING IS THE SECURITY ADMINISTRATOR MOST LIKELY TO BE
REVIEWING?
• Clean desk policy
• Separation of duties
• Job rotation
• Change management
GET CERTIFIED GET AHEAD (GCGA) HAS OUTSOURCED SOME APPLICATION
DEVELOPMENT TO YOUR ORGANIZATION. UNFORTUNATELY, DEVELOPERS AT YOUR
ORGANIZATION ARE HAVING PROBLEMS GETTING AN APPLICATION MODULE TO WORK
AND THEY WANT TO SEND THE MODULE WITH ACCOMPANYING DATA TO A THIRD-PARTY VENDOR FOR HELP IN RESOLVING THE PROBLEM. WHICH OF THE FOLLOWING
SHOULD DEVELOPERS CONSIDER BEFORE DOING SO?
• Ensure that data in transit is encrypted.
• Review NDAs.
• Identify the classification of data.
• Verify the third party has an NDA in place.
TWO COMPANIES HAVE DECIDED TO WORK TOGETHER ON A PROJECT AND
IMPLEMENTED AN MOU (MEMORANDUM OF UNDERSTANDING). WHICH OF THE
FOLLOWING REPRESENTS THE GREATEST SECURITY RISK IN THIS SITUATION?
• An MOU doesn’t define responsibilities.
• An MOU includes monetary penalties if one party doesn’t meet its
responsibilities.
• An MOU can impose strict requirements for connections.
• An MOU doesn’t have strict guidelines to protect sensitive data.
YOUR ORGANIZATION IS CONSIDERING STORAGE OF SENSITIVE DATA IN A CLOUD
PROVIDER. YOUR ORGANIZATION WANTS TO ENSURE THE DATA IS ENCRYPTED WHILE AT
REST AND WHILE IN TRANSIT. WHAT TYPE OF INTEROPERABILITY AGREEMENT CAN YOUR
ORGANIZATION USE TO ENSURE THE DATA IS ENCRYPTED WHILE IN TRANSIT?
• SLA
• BPA
• MOU
• ISA
A USER RECENTLY WORKED WITH CLASSIFIED DATA ON AN UNCLASSIFIED SYSTEM. YOU
NEED TO SANITIZE ALL THE RECLAIMED SPACE ON THIS SYSTEM’S HARD DRIVES WHILE
KEEPING THE SYSTEM OPERATIONAL. WHICH OF THE FOLLOWING METHODS WILL BEST
MEET THIS GOAL?
• Use a cluster tip wiping tool
• Use a file shredding tool
• Degauss the disk
• Physically destroy the disk
A NETWORK ADMINISTRATOR NEEDS TO UPDATE THE OPERATING SYSTEM ON
SWITCHES USED WITHIN THE NETWORK. ASSUMING THE ORGANIZATION IS
FOLLOWING STANDARD BEST PRACTICES, WHAT SHOULD THE ADMINISTRATOR DO
FIRST?
• Submit a request using the baseline configuration process.
• Submit a request using the incident management process.
• Submit a request using the change management process.
• Submit a request using the application patch management process.
SECURITY PERSONNEL RECENTLY RELEASED AN ONLINE TRAINING MODULE ADVISING
EMPLOYEES NOT TO SHARE PERSONAL INFORMATION ON ANY SOCIAL MEDIA WEB SITES
THAT THEY VISIT. WHAT IS THIS ADVICE MOST LIKELY TO TRY TO PREVENT?
• Spending time on non-work-related sites
• Phishing attack
• Cognitive password attacks
• Rainbow table attack
YOUR ORGANIZATION BLOCKS ACCESS TO SOCIAL MEDIA WEB SITES. THE PRIMARY
PURPOSE IS TO PREVENT DATA LEAKAGE, SUCH AS THE ACCIDENTAL DISCLOSURE OF
PROPRIETARY INFORMATION. WHAT IS AN ADDITIONAL SECURITY BENEFIT OF THIS
POLICY?
• Improves employee productivity
• Enables cognitive password attacks
• Prevents P2P file sharing
• Protects against banner ad malware
YOUR ORGANIZATION HOSTS A WEB-BASED SERVER THAT REMOTE ADMINISTRATORS
ACCESS VIA TELNET. MANAGEMENT WANTS TO INCREASE THEIR RIGHTS TO PROSECUTE
UNAUTHORIZED PERSONNEL WHO ACCESS THIS SERVER. WHICH OF THE FOLLOWING IS
THE BEST CHOICE?
• Enable SSH instead of Telnet
• Enable banner ads
• Enable FTP logging
• Add a warning banner
AN INCIDENT RESPONSE TEAM IS FOLLOWING TYPICAL INCIDENT PROCEDURES. WHICH
OF THE FOLLOWING PHASES IS THE BEST CHOICE FOR ANALYZING AN INCIDENT WITH A
GOAL OF IDENTIFYING STEPS TO PREVENT A REOCCURRENCE OF THE INCIDENT?
• Preparation
• Identification
• Mitigation
• Lessons learned
AFTER A RECENT INCIDENT, A FORENSIC ANALYST WAS GIVEN SEVERAL HARD DRIVES TO
ANALYZE. WHAT SHOULD THE ANALYST DO FIRST?
• Take screenshots and capture system images
• Take hashes and screenshots
• Take hashes and capture system images
• Perform antivirus scans and create chain-of-custody documents
A FORENSIC EXPERT IS PREPARING TO ANALYZE A HARD DRIVE. WHICH OF THE
FOLLOWING SHOULD THE EXPERT DO FIRST?
• Capture an image
• Identify the order of volatility
• Create a chain-of-custody document
• Take a screenshot
A SECURITY ANALYST TAGGED A COMPUTER STATING WHEN HE TOOK POSSESSION OF IT.
WHAT IS THE BEST EXPLANATION FOR THIS?
• To calculate time offset
• To ensure the system is decommissioned
• To begin a chain of custody
• To implement separation of duties
YOU ARE HELPING YOUR ORGANIZATION CREATE A SECURITY POLICY FOR INCIDENT
RESPONSE. OF THE FOLLOWING CHOICES, WHAT IS THE BEST CHOICE TO INCLUDE
WHEN AN INCIDENT REQUIRES CONFISCATION OF A PHYSICAL ASSET?
• Ensure hashes are taken first
• Ensure witnesses sign an AUP
• Maintain the order of volatility
• Keep a record of everyone who took possession of the physical asset
AN ADMINISTRATOR RECENTLY LEARNED OF AN ATTACK ON A VIRGINIA-BASED WEB
SERVER FROM IP ADDRESS 72.52.206.134 AT 11:35:33 GMT. HOWEVER, AFTER
INVESTIGATING THE LOGS, HE IS UNABLE TO SEE ANY TRAFFIC FROM THAT IP ADDRESS AT
THAT TIME. WHICH OF THE FOLLOWING IS THE MOST LIKELY REASON WHY THE
ADMINISTRATOR WAS UNABLE TO IDENTIFY THE ATTACK?
• He did not account for time offsets
• He did not capture an image
• The IP address has expired
• The logs were erased when the system was rebooted
PERSONNEL IN AN ORGANIZATION ARE SHARING THEIR ACCESS CODES TO CIPHER
LOCKS WITH UNAUTHORIZED PERSONNEL. AS A RESULT, UNAUTHORIZED PERSONNEL
ARE ACCESSING RESTRICTED AREAS OF THE BUILDING. WHAT IS THE BEST RESPONSE TO
REDUCE THIS RISK?
• Implement a management control
• Implement a technical control
• Implement an AUP
• Provide security training to personnel
YOUR ORGANIZATION HAS SPENT A SIGNIFICANT AMOUNT OF MONEY ON TRAINING
EMPLOYEES ON SECURITY AWARENESS. YOUR ORGANIZATION WANTS TO VALIDATE THE
SUCCESS OF THIS TRAINING. WHICH OF THE FOLLOWING IS THE BEST CHOICE?
• Implement role-based training
• Use metrics
• Use security policies
• Verify PII
THE PRIMARY PURPOSE OF SECURITY POLICIES IS TO:
• Establish legal grounds for prosecution
• Improve IT service performance
• Reduce the risk of security breaches
• Ensure users are accountable for their actions
YOU HAVE BEEN TASKED WITH CREATING A CORPORATE SECURITY POLICY
REGARDING SMART PHONE USAGE FOR BUSINESS PURPOSES. WHAT
SHOULD YOU DO FIRST?
• Issue smart phones to all employees
• Obtain support from management
• Get a legal opinion
• Create the first draft of the policy
CHRISTINE IS THE SERVER ADMINISTRATOR FOR CONTOSO CORPORATION.
HER MANAGER PROVIDED STEP-BY-STEP SECURITY POLICIES OUTLINING
HOW SERVERS SHOULD BE CONFIGURED TO MAXIMIZE SECURITY. WHICH
TYPE OF SECURITY POLICY WILL CHRISTINE BE IMPLEMENTING?
• Mail server acceptable use policy
• VPN server acceptable use policy
• Procedural policy
• File server acceptable use policy
WHICH OF THE FOLLOWING ARE EXAMPLES OF PII?
(CHOOSE TWO)
• Private IP address on an internal network
• Mobile phone number
• Digital certificate
• Gender
AFTER A LENGTHY INTERVIEWING PROCESS YOUR COMPANY HIRED A NEW PAYROLL
CLERK NAMED STACEY. STACEY WILL BE USING A WEB BROWSER ON A COMPANY
COMPUTER AT THE OFFICE TO ACCESS THE PAYROLL APPLICATION ON A PUBLIC
CLOUD PROVIDER WEB SITE OVER THE INTERNET. WHICH TYPE OF DOCUMENT
SHOULD STACEY READ AND SIGN?
• Internet acceptable use policy
• Password policy
• Service level agreement
• Remote access acceptable use policy
YOU ARE CONFIGURING A PASSWORD POLICY FOR USERS IN THE BERLIN OFFICE.
PASSWORDS MUST BE CHANGED EVERY 60 DAYS. YOU MUST ENSURE THAT USER
PASSWORDS CANNOT BE CHANGED MORE THAN ONCE WITHIN THE 60-DAY
INTERVAL. WHAT SHOULD YOU CONFIGURE?
• Minimum password age
• Maximum password age
• Password complexity
• Password history
YOU HAVE BEEN HIRED AS A CONSULTANT BY A PHARMACEUTICAL COMPANY. THE
COMPANY IS CONCERNED THAT CONFIDENTIAL DRUG RESEARCH DOCUMENTS
MIGHT BE RECOVERED FROM DISPOSED HARD DISKS. WHAT SHOULD YOU
RECOMMEND?
• Format the hard drives
• Repartition the hard drives
• Freeze the hard drives
• Physically shred the hard drives
ACME CORPORATION IS UPGRADING ITS NETWORK ROUTERS. THE OLD ROUTERS
WILL BE SENT TO THE HEAD OFFICE BEFORE THEY ARE DISPOSED OF. WHAT MUST BE
DONE TO THE ROUTERS PRIOR TO DISPOSAL TO MINIMIZE SECURITY BREACHES?
• Change the router privileged mode password
• Remove DNS server entries from the router configuration
• Set the router to factory default settings
• Format the router hard drive
YOUR COMPANY HAS DECIDED TO ADOPT A PUBLIC CLOUD DEVICE MANAGEMENT
SOLUTION WHERE ALL DEVICES ARE CENTRALLY MANAGED FROM A WEB SITE
HOSTED ON SERVERS IN A DATA CENTER. MANAGEMENT HAS INSTRUCTED YOU TO
ENSURE THAT THE SOLUTION IS RELIABLE AND ALWAYS AVAILABLE. WHICH TYPE OF
DOCUMENT SHOULD YOU FOCUS ON?
• Password policy
• Service legal agreement
• Remote access acceptable use policy
• Mobile device acceptable use policy
WHICH OF THE FOLLOWING BEST EMBODIES THE CONCEPT OF LEAST PRIVILEGE?
• Detecting inappropriate Internet use
• Detecting malware running without elevated privileges
• Assigning users full control permissions to network resources
• Assigning needed permissions to enable users to complete a task
THE CREATION OF DATA SECURITY POLICIES IS MOST
AFFECTED BY WHICH TWO FACTORS? (CHOOSE TWO)
• Industry regulations
• IP addressing scheme being used
• Operating system version being used
• PII
AS THE NETWORK ADMINISTRATOR FOR YOUR COMPANY, YOU ARE
CREATING A SECURITY POLICY SUCH THAT DEVICES CONNECTING TO
THE CORPORATE VPN MUST HAVE A TRUSTED DIGITAL CERTIFICATE
INSTALLED. WHICH TYPE OF SECURITY POLICY ARE YOU CREATING?
• Mobile device encryption policy
• Accountability policy
• Authentication policy
• Remote access policy
YOU RECEIVE THE EMAIL MESSAGE SHOWN HERE. WHAT TYPE OF THREAT IS THIS?
DEAR VALUED ACME BANK CUSTOMER:
ACME BANK WILL BE UPDATING WEB SERVER BANKING SOFTWARE NEXT WEEK. TO ENSURE CONTINUED
ACCESS TO YOUR ACCOUNTS, WE ASK THAT YOU GO TO HTTP://WWW.ACMEBANK.US/ACCOUNTS AND
RESET YOUR PASSWORD WITHIN THE NEXT 24 HOURS. WE SINCERELY APPRECIATE YOUR BUSINESS.
• Denial of service
• Phishing attack
• Zero-day exploit
• Ping of death
YOU ARE TESTING YOUR ROUTER CONFIGURATION AND DISCOVER A
SECURITY VULNERABILITY. AFTER SEARCHING THE INTERNET, YOU
REALIZE THAT THIS VULNERABILITY IS UNKNOWN. WHAT TYPE OF
ATTACK IS YOUR ROUTER VULNERABLE TO?
• Denial of service
• Phishing attack
• Zero-day exploit
• Ping of death
WHICH OF THE FOLLOWING OPTIONS BEST DESCRIBE
PROPER USAGE OF PII?
(CHOOSE TWO.)
• Law enforcement tracking an Internet offender using a
public IP address
• Distributing an email contact list to marketing firms
• Logging into a secured laptop using a fingerprint
scanner
• Due diligence
YOUR COMPANY RESTRICTS FIREWALL ADMINISTRATORS FROM
MODIFYING FIREWALL LOGS. ONLY IT SECURITY PERSONNEL
ARE ALLOWED TO DO THIS. WHAT IS THIS AN EXAMPLE OF?
• Due care
• Separation of duties
• Principle of least privilege
• Acceptable use
YOU ARE THE NETWORK ADMINISTRATOR FOR A LEGAL FIRM. USERS IN VANCOUVER MUST BE ABLE TO VIEW
TRADE SECRETS FOR PATENT SUBMISSION. YOU SHARE A NETWORK FOLDER CALLED TRADE SECRETS AND
ALLOW THE FOLLOWING NTFS PERMISSIONS:
VANCOUVER_STAFF: READ, LIST FOLDER CONTENTS
EXECUTIVES: WRITE
IT_ADMINS: FULL CONTROL
• Job rotation
• Least privilege
• Mandatory vacations
• Separation of duties
YOUR LOCAL ISP PROVIDES A PDF FILE STATING A 99.97
PERCENT SERVICE AVAILABILITY FOR IT CONNECTIVITY TO THE
INTERNET. HOW WOULD YOU CLASSIFY THIS TYPE OF
DOCUMENTATION?
• Top secret
• Acceptable use policy
• Service level agreement
• Availability
WHICH OF THE FOLLOWING STATEMENTS
ARE TRUE? (CHOOSE TWO.)
• Security labels are used for data classifications such as
restricted and top secret.
• PII is applicable only to biometric authentication
devices.
• Forcing user password changes is considered change
management
• A person’s signature on a check is considered PII.
WHICH OF THE FOLLOWING BEST ILLUSTRATES POTENTIAL
SECURITY PROBLEMS RELATED TO SOCIAL NETWORKING
SITES?
• Other users can easily see your IP address.
• Talkative employees can expose a company’s
intellectual property.
• Malicious users can use your pictures for
steganography.
• Your credit card number is easily stolen.
AS THE IT SECURITY OFFICER, YOU ESTABLISH A SECURITY POLICY
REQUIRING THAT USERS PROTECT ALL PAPER DOCUMENTS SO THAT
SENSITIVE CLIENT, VENDOR, OR COMPANY DATA IS NOT STOLEN. WHAT
TYPE OF POLICY IS THIS?
• Privacy
• Acceptable use
• Clean desk
• Password
WHAT IS THE PRIMARY PURPOSE OF
ENFORCING A MANDATORY VACATION
POLICY?
• To adhere to government regulations
• To ensure employees are refreshed
• To allow other employees to experience other job
roles
• To prevent improper activity
WHAT DOES A PRIVACY POLICY PROTECT?
• Customer data
• Trade secrets
• Employee home directories
• Firewall configurations
WHICH OF THE FOLLOWING STATEMENTS
ABOUT A SECURITY POLICY ARE TRUE?
(CHOOSE TWO.)
• Users must read and sign the security policy
• It guarantees a level of uptime for IT services
• It is composed of subdocuments
• Management approval must be obtained
YOU ARE DEVELOPING A SECURITY TRAINING OUTLINE FOR
THE ACCOUNTING DEPARTMENT THAT WILL TAKE PLACE IN THE
OFFICE. WHICH TWO ITEMS SHOULD NOT BE INCLUDED IN
THE TRAINING? (CHOOSE TWO.)
• Firewall configuration
• The Accounting department’s support of security
initiatives
• Physical security
• Social engineering
YOU ARE A FILE SERVER ADMINISTRATOR FOR A HEALTH ORGANIZATION.
MANAGEMENT HAS ASKED YOU TO CONFIGURE YOUR SERVERS TO APPROPRIATELY
CLASSIFY FILES CONTAINING PATIENT MEDICAL HISTORY DATA. WHAT IS AN
APPROPRIATE DATA CLASSIFICATION FOR THESE TYPES OF FILES? (CHOOSE ALL THAT
APPLY.)
• High
• Medium
• Low
• Private
• Public
• Confidential
YOUR COMPANY PROVIDES A PAPER DOCUMENT SHREDDER ON EACH FLOOR OF A
BUILDING. WHAT SECURITY ISSUE DOES THIS ADDRESS?
• Data handling
• Clean desk policy
• Tailgating
• Mantrap