This chapter discussed how human nature both insists upon access control and fights against it. You read about how a skilled social engineer can exploit human nature to obtain unauthorized access to information and systems, and how training, organizational culture, and employee support can mitigate the weaknesses that human nature introduces into any access control system.
Generally, hackers are motivated by ________ and ________.
A target is a system or network that contains valuable data and has attracted the notice of the hacker.
True
False
A typical social engineering strategy involves which of the following?
Assumed identity
Believability
Multiple contacts
Requests for information
A and B only
All of the above
What element of human nature does a social engineer exploit?
Fear
Ambition
Trust
Desire for status
Greed
An employer can obtain an applicant’s driving records as part of a pre-employment background check.
True
False
An employer can obtain an applicant’s medical history and credit reports without special consent of the applicant.
True
False
Passive-aggressive behavior can be an indicator of a ________ employee.
Prior to or during an employee termination meeting, which of the following should be locked or changed?
The employee’s workstation and network accounts
The employee’s email account(s)
Passwords for online accounts accessible to the employee
The employee’s accounts on databases and file servers
All of the above
Two-way communication is critical to the organizational structure model of access control.
True
False
Which of the following can help uncover dishonesty, such as fraud or theft, in the workplace? (Select two.)
Mandatory vacation
Pre-employment checks
Job rotation
Ethics training
________ is designed to eliminate the opportunity for theft, fraud, or other harmful activity.
Access owners are responsible for maintaining a list of authorized users.
True
False
Informing employees of security and acceptable use policies during orientation is sufficient training.
True
False
Human resources should be an integral part of enforcing security policy.
True
False