Type: Quiz
Book Title: Computer Security Fundamentals (Pearson IT Cybersecurity Curriculum (ITCC)) 3rd Edition
ISBN 13: 978-0789757463

978-0789757463 Chapter 10

February 27, 2021
True / False
1. A security policy is a document that defines how an organization deals with some
aspect of security.
2. Passwords are an area of user policies.
3. A good password should have at least eight characters and use all lowercase letters.
4. An organization should not permit end users to install anything on their computer.
5. On an employee’s last day of work, his workstation hard drive should be searched.
6. Principle of least privilege means that no one person can perform critical tasks.
7. One reason allowing a user to change the desktop configuration poses a security
problem is that to change a desktop the user must also be given rights to change other
system settings.
8. You cannot disable some USB devices from end-user computers and allow others.
9. Standards are specific instructions on how to handle a specific issue.
10. Security policies toward programmers and web developers are developmental
policies.
Multiple Choice
1. A document that defines how an organization deals with some aspect of security is a(n)
__________.
a. Security policy
b. Business plan
c. Security update
d. None of the above
2. Passwords, Internet use, email attachments, software installation, instant messaging,
and desktop configuration are areas of ______.
a. Computer policies
b. User policies
c. Documentation
d. Network policies
3. The plan to return a business to full normal operations is ____________
a. BCP
b. DRP
c. BIA
d. ALE
4. __________ is the most obvious reason for organizations to provide their users with
Internet access.
a. Email
b. Job searching
c. Emergency communications
d. None of the above
5. Which of the following is an activity that falls into a gray area and might be acceptable
Internet use in some organizations but not others?
a. Email
b. Online training
c. Web meetings
d. Online shopping during a break time
6. Which of the following should NOT be a part of an organization’s policy regarding
email attachments?
a. It was an expected attachment.
b. It came from a known source, and the source is confirmed.
c. It appears to be a legitimate business document.
d. None of the above
7. Use for business communications only and the disallowing of the transmission of
confidential business information are recommended guidelines for _______
a. Desktop configuration
b. Instant messaging
c. USB drives
d. None of the above
8. The background, screensaver, font size, and resolution are elements of _______.
a. Desktop configuration
b. File extensions
c. Passwords
d. None of the above
9. Procedures for adding users, removing users, and dealing with security issues are
examples of ___________ policies.
a. User
b. Computer
c. System administration
d. Password
10. New employees should receive a copy of the company’s __________ policies.
a. Business continuation
b. Disaster recovery
c. Security/acceptable use
d. None of the above
11. When an employee leaves, all _______ should be terminated.
a. Web histories
b. Logins
c. Desktops
d. Passwords
12. If you determine a virus has struck a system, the first step is to _________.
a. Scan and clean infected systems
b. Log the incident
c. Unplug the machines from the network
d. Notify appropriate organization leaders
13. If you experience a denial-of-service attack, you can use firewall logs to determine
the _______ from which the attack originated.
a. Computer operating system
b. Computer manufacturer
c. IP address
d. None of the above
14. The conflict between the users’ goal for unfettered access to data and the security
administrator’s goal to protect that data is an issue of ______________.
a. System administration
b. Access control
c. Password protection
d. Social engineering
15. The principle that users have access to only network resources when an administrator
explicitly grants them is called ___________.
a. Implicit deny
b. Least privilege
c. Separation of duty
d. Job rotation
1. A document that defines how an organization deals with some aspect of security is a(n) __________.
a. Security policy
b. Business plan
c. Security update
d. None of the above
Answer: a. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.
2. Passwords, Internet use, email attachments, software installation, instant messaging, and desktop configuration are areas of ______.
a. Computer policies
b. User policies
c. Documentation
d. Network policies
Answer: b.
3. The plan to return a business to full normal operations is ____________
a. BCP
b. DRP
c. BIA
d. ALE
Answer: b.
4. __________ is the most obvious reason for organizations to provide their users with Internet access.
a. Email
b. Job searching
c. Emergency communications
d. None of the above
Answer: a.
5. Which of the following is an activity that falls into a gray area and might be acceptable Internet use in some organizations but not others?
a. Email
b. Online training
c. Web meetings
d. Online shopping during a break time
Answer: d.
6. Which of the following should NOT be a part of an organization’s policy regarding email attachments?
a. It was an expected attachment.
b. It came from a known source, and the source is confirmed.
c. It appears to be a legitimate business document.
d. None of the above
Answer: d. These are all acceptable criteria for an email policy.
7. Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______
a. Desktop configuration
b. Instant messaging
c. USB drives
d. None of the above
Answer: b. The organizational guidelines for instant messaging should be strict.
8. The background, screensaver, font size, and resolution are elements of _______.
a. Desktop configuration
b. File extensions
c. Passwords
d. None of the above
Answer: a.
9. Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies.
a. User
b. Computer
c. System administration
d. Password
Answer: c.
10. New employees should receive a copy of the company’s __________ policies.
a. Business continuation
b. Disaster recovery
c. Security/acceptable use
d. None of the above
Answer: c.
11. When an employee leaves, all _______ should be terminated.
a. Web histories
b. Logins
c. Desktops
d. Passwords
Answer: b. Access to all systems should be discontinued when an employee leaves.
12. If you determine a virus has struck a system, the first step is to _________.
a. Scan and clean infected systems
b. Log the incident
c. Unplug the machines from the network
d. Notify appropriate organization leaders
Answer: c. Unplugging machines from the network is the first step to quarantine the infected computer.
13. If you experience a denial-of-service attack, you can use firewall logs to determine the _______ from which the attack originated.
a. Computer operating system
b. Computer manufacturer
c. IP address
d. None of the above
Answer: c. You can use the IP address information to determine who that IP address belongs to.
14. The conflict between the users’ goal for unfettered access to data and the security administrator’s goal to protect that data is an issue of ______________.
a. System administration
b. Access control
c. Password protection
d. Social engineering
Answer: b.
15. The principle that users have access to only network resources when an administrator explicitly grants them is called ___________.
a. Implicit deny
b. Least privilege
c. Separation of duty
d. Job rotation
Answer: a.