Question 1

Security policies toward programmers and web developers are developmental policies.

Accepted Answer

Security policies are developmental policies because they help to ensure that programmers and web developers follow best practices and avoid security vulnerabilities.

Question 2

A security policy is a document that defines how an organization deals with some aspect of security.

Accepted Answer

A security policy is indeed a document that outlines the guidelines and practices an organization follows to protect its resources, data, and information from various threats and vulnerabilities.

Question 3

Principal of least privilege means that no one person can perform critical tasks.

Accepted Answer

The principle of least privilege means that users are granted the minimum levels of access – or permissions – needed to perform their duties, not that no one person can perform critical tasks.

Question 4

Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______&#10;A)Desktop configuration&#10;B)Instant messaging&#10;C)USB drives&#10;D)None of the above

Accepted Answer

These are recommended guidelines for instant messaging in a business context to ensure security and appropriate use.

Question 5

New employees should receive a copy of the company's __________ policies.&#10;A)Business continuation&#10;B)Disaster recovery&#10;C)Security/acceptable use&#10;D)None of the above

Accepted Answer

New employees should receive a copy of the company's Security/Acceptable Use policies to understand the guidelines for using the company's IT resources responsibly and securely.

Question 6

You cannot disable some USB devices from end-user computers and allow others.

Accepted Answer

You can disable some USB devices from end-user computers while allowing others by using software solutions, group policy settings, or device management systems that can block or allow specific USB devices based on their identifiers.

Question 7

Passwords are an area of user policies.

Accepted Answer

Passwords are indeed an area of user policies as they are critical for ensuring the security and integrity of user accounts and systems, often outlined in security or IT policies to enforce strong authentication practices.

Question 8

On an employee's last day of work,his workstation hard drive should be searched.

Accepted Answer

It is a common practice to search an employee's workstation hard drive on their last day to ensure no sensitive or proprietary information is taken or left unsecured.

Question 9

One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings.

Accepted Answer

Allowing a user to change the desktop configuration can indeed pose a security problem because it often requires granting them broader system permissions, which can inadvertently give them access to modify other, potentially sensitive, system settings.

Question 10

Procedures for adding users,removing users,and dealing with security issues are examples of ___________ policies.&#10;A)User&#10;B)Computer&#10;C)System administration&#10;D)Password

Accepted Answer

These are examples of system administration policies, which outline the procedures for managing user accounts and addressing security concerns within an organization's IT infrastructure.

Question 11

An organization should not permit end users to install anything on their computer.

Accepted Answer

The answer of An organization should not permit end users...

Question 12

The plan to return a business to full normal operations is ____________&#10;A)BCP&#10;B)DRP&#10;C)BIA&#10;D)ALE

Accepted Answer

The answer of The plan to return a business to...

Question 13

__________ is the most obvious reason for organizations to provide their users with Internet access.&#10;A)Email&#10;B)Job searching&#10;C)Emergency communications&#10;D)None of the above

Accepted Answer

The answer of __________ is the most obvious reason for...

Question 14

Which of the following is an activity that falls into a gray area and might be acceptable Internet use in some organizations but not others?&#10;A)Email&#10;B)Online training&#10;C)Web meetings&#10;D)Online shopping during a break time

Accepted Answer

The answer of Which of the following is an activity...

Question 15

Which of the following should NOT be a part of an organization's policy regarding email attachments?&#10;A)It was an expected attachment.&#10;B)It came from a known source,and the source is confirmed.&#10;C)It appears to be a legitimate business document.&#10;D)None of the above

Accepted Answer

The answer of Which of the following should NOT be...

Question 16

A document that defines how an organization deals with some aspect of security is a(n)__________.&#10;A)Security policy&#10;B)Business plan&#10;C)Security update&#10;D)None of the above

Accepted Answer

The answer of A document that defines how an organization...

Question 17

The background,screensaver,font size,and resolution are elements of _______.&#10;A)Desktop configuration&#10;B)File extensions&#10;C)Passwords&#10;D)None of the above

Accepted Answer

The answer of The background,screensaver,font size,and resolution are elements of...

Question 18

Standards are specific instructions on how to handle a specific issue.

Accepted Answer

The answer of Standards are specific instructions on how to...

Question 19

A good password should have at least eight characters and use all lowercase letters.

Accepted Answer

The answer of A good password should have at least...

Question 20

Passwords,Internet use,email attachments,software installation,instant messaging,and desktop configuration are areas of ______.&#10;A)Computer policies&#10;B)User policies&#10;C)Documentation&#10;D)Network policies

Accepted Answer

The answer of Passwords,Internet use,email attachments,software installation,instant messaging,and desktop configuration...

Question 21

When an employee leaves,all _______ should be terminated.&#10;A)Web histories&#10;B)Logins&#10;C)Desktops&#10;D)Passwords

Accepted Answer

The answer of When an employee leaves,all _______ should be...

Question 22

The conflict between the users' goal for unfettered access to data and the security administrator's goal to protect that data is an issue of ______________.&#10;A)System administration&#10;B)Access control&#10;C)Password protection&#10;D)Social engineering

Accepted Answer

The answer of The conflict between the users' goal for...

Question 23

If you experience a denial-of-service attack,you can use firewall logs to determine the _______ from which the attack originated.&#10;A)Computer operating system&#10;B)Computer manufacturer&#10;C)IP address&#10;D)None of the above

Accepted Answer

The answer of If you experience a denial-of-service attack,you can...

Question 24

The principal that users have access to only network resources when an administrator explicitly grants them is called ___________.&#10;A)Implicit deny&#10;B)Least privilege&#10;C)Separation of duty&#10;D)Job rotation

Accepted Answer

The answer of The principal that users have access to...

Question 25

If you determine a virus has struck a system,the first step is to _________.&#10;A)Scan and clean infected systems&#10;B)Log the incident&#10;C)Unplug the machines from the network&#10;D)Notify appropriate organization leaders

Accepted Answer

The answer of If you determine a virus has struck...

Deck 10: Security Policies