9.9. Review Questions

  1. Which policy includes all aspects of an organization's security?

    1. Security management policy

    2. Information security policy

    3. Physical security policy

    4. Information classification policy

  2. You're assisting with a policy review to make certain your company has in place all the policies it should. One of your fellow administrators mentions that he has never seen anything detailing information sensitivity and usage. Which policy would cover this topic?

    1. Security policy

    2. Information classification policy

    3. Use policy

    4. Configuration management policy

  3. Which policy identifies the software and hardware components that can be used in an organization?

    1. Backup policy

    2. Configuration management policy

    3. Inventory policy

    4. Use policy

  4. Which of the following involves keeping records about how your network or organization changes over time?

    1. Change documentation

    2. Use policy

    3. Systems architecture

    4. BIA

  5. The process of ensuring that all policies, procedures, and standards are met is a function of which process?

    1. Education

    2. Enforcement

    3. Responsibility

    4. Change management

  6. Mercury Technical Services is formulating a set of guidelines that outline the components of effective security management. After these have been tried and tested at the Anderson branch, they will be rolled out to all other divisions. What is this set of guidelines called?

    1. Best practices

    2. Forensics

    3. Chain of evidence

    4. Use policy

  7. Which policy identifies the files and data that must be archived?

    1. Information classification policy

    2. Use policy

    3. Logs and inventories policy

    4. Information retention policy

  8. Which policy defines upgrade and systems requirements?

    1. Configuration management policy

    2. Use policy

    3. Logs and inventory policy

    4. Backup policy

  9. A policy review is under way. The new head of HR wants to show that a formal policy exists for every aspect of IT. You've been assigned the role of producing whatever information he asks for. Which policy dictates the processes used to create archival copies of records?

    1. Backup policy

    2. Security policy

    3. Use policy

    4. User management policy

  10. Which topic would not normally be covered in a user-oriented security-awareness program?

    1. Security management policy

    2. Use policy

    3. Network technology and administration

    4. Account and password criteria

  11. You're a new hire at SMT. One of your job responsibilities is to provide monthly training sessions on security topics over lunch. You want to prioritize the presentations and first give those that are the most important. Which group would most benefit from an overall briefing on security threats and issues?

    1. Management

    2. Users

    3. Developers

    4. Network administrators

  12. Thanks to the awarding of a grant, you'll now be able to replace all the outdated workstations with newer models. Many of those workstations will be coming from the business office. Which of the following should occur when a computer system becomes surplus?

    1. All files should be erased.

    2. Disk drives should be initialized.

    3. Disk drives should be formatted.

    4. Computer screens should be degaussed.

  13. BIOS-based passwords are typically lost when what occurs on a workstation?

    1. Electrical power is removed.

    2. The cover is removed.

    3. The computer's battery is removed and replaced.

    4. The hard drive is changed.

  14. Which type of policy should define the use of USB devices?

    1. Information retention policy

    2. Configuration management policy

    3. Change documentation

    4. Acceptable use policy

  15. You are interested in simplifying security management at your site. The simplest way to manage users is by assigning them to which of the following entities?

    1. Groups

    2. Pools

    3. Units

    4. Categories

  16. Which of the following hold permissions for users and groups, such as Read-Only, Full Control, or Change?

    1. Group policies

    2. Access control lists

    3. SIDs

    4. DNS

  17. If you want to carefully govern who can reset the password of a user object, which of the following permissions should you focus on?

    1. Logical token

    2. Landlord

    3. Domain password

    4. Change

  18. Which of the following are most similar in content to certificates?

    1. Password policies

    2. Device access policies

    3. Datagrams

    4. Logical tokens

  19. Which of the following allow you to automatically implement restrictions on operating system components?

    1. Group policies

    2. Access control lists

    3. SIDs

    4. DNS

  20. Which type of policy should define the use of cell phones within an organization?

    1. Information retention policy

    2. Configuration management policy

    3. Change documentation

    4. Acceptable use policy
