True / False
1. A security policy is a document that defines how an organization deals with some
aspect of security.
2. Passwords are an area of user policies.
3. A good password should have at least eight characters and use all lowercase letters.
4. An organization should not permit end users to install anything on their computer.
5. On an employee’s last day of work, his workstation hard drive should be searched.
6. Principal of least privilege means that no one person can perform critical tasks.
7. One reason allowing a user to change the desktop configuration poses a security
problem is that to change a desktop the user must also be given rights to change other
system settings.
8. You cannot disable some USB devices from end-user computers and allow others.
9. Standards are specific instructions on how to handle a specific issue.
10. Security policies toward programmers and web developers are developmental
policies.
Multiple Choice
1. A document that defines how an organization deals with some aspect of security is a(n)
__________.
a. Security policy
b. Business plan
c. Security update
d. None of the above
2. Passwords, Internet use, email attachments, software installation, instant messaging,
and desktop configuration are areas of ______.
a. Computer policies
b. User policies
c. Documentation
d. Network policies
3. The plan to return a business to full normal operations is ____________
a. BCP
b. DRP
c. BIA
d. ALE
4. __________ is the most obvious reason for organizations to provide their users with
Internet access.
a. Email
b. Job searching
c. Emergency communications
d. None of the above
5. Which of the following is an activity that falls into a gray area and might be acceptable
Internet use in some organizations but not others?
a. Email
b. Online training
c. Web meetings
d. Online shopping during a break time
6. Which of the following should NOT be a part of an organization’s policy regarding
email attachments?
a. It was an expected attachment.
b. It came from a known source, and the source is confirmed.
c. It appears to be a legitimate business document.
d. None of the above
7. Use for business communications only and the disallowing of the transmission of
confidential business information are recommended guidelines for _______
a. Desktop configuration
b. Instant messaging
c. USB drives
d. None of the above
8. The background, screensaver, font size, and resolution are elements of _______.
a. Desktop configuration
b. File extensions
c. Passwords
d. None of the above
9. Procedures for adding users, removing users, and dealing with security issues are
examples of ___________ policies.
a. User
b. Computer
c. System administration
d. Password
10. New employees should receive a copy of the company’s __________ policies.
a. Business continuation
b. Disaster recovery
c. Security/acceptable use
d. None of the above
11. When an employee leaves, all _______ should be terminated.
a. Web histories
b. Logins
c. Desktops
d. Passwords
12. If you determine a virus has struck a system, the first step is to _________.
a. Scan and clean infected systems
b. Log the incident
c. Unplug the machines from the network
d. Notify appropriate organization leaders
13. If you experience a denial-of-service attack, you can use firewall logs to determine
the _______ from which the attack originated.
a. Computer operating system
b. Computer manufacturer
c. IP address
d. None of the above
14. The conflict between the users’ goal for unfettered access to data and the security
administrator’s goal to protect that data is an issue of ______________.
a. System administration
b. Access control
c. Password protection
d. Social engineering
15. The principal that users have access to only network resources when an administrator
explicitly grants them is called ___________.
a. Implicit deny
b. Least privilege
c. Separation of duty
d. Job rotation