Question 1

System administration policies should be in place for which of the following?

Accepted Answer

A) Adding and removing users. 
B) Changing any systems. 
C) Dealing with security issues. 
D) All of the above. 
A) Adding and removing users. 
B) Changing any systems. 
C) Dealing with security issues. 
D) All of the above. D

Question 2

Which is true about system administration policies regarding leaving employees?

Accepted Answer

A) All logon accounts must be deleted. 
B) Employees should be allowed access to their work areas for a few days to retrieve personal belongings 
C) Internet access accounts and e-mail accounts must be deleted immediately. 
D) Workstation drives should be examined for evidence of any inappropriate activities. 
A) All logon accounts must be deleted. 
B) Employees should be allowed access to their work areas for a few days to retrieve personal belongings 
C) Internet access accounts and e-mail accounts must be deleted immediately. 
D) Workstation drives should be examined for evidence of any inappropriate activities. D

Question 3

Which is NOT an example of a good password policy?

Accepted Answer

A) Passwords should not be shared with others unless IT is not available to provide one in a reasonable time. 
B) If passwords are written down,they should be kept secure. 
C) Passwords should be changed regularly. 
D) Possible compromise of a password should be immediately reported to the IT department. 
A) Passwords should not be shared with others unless IT is not available to provide one in a reasonable time. 
B) If passwords are written down,they should be kept secure. 
C) Passwords should be changed regularly. 
D) Possible compromise of a password should be immediately reported to the IT department. A

Question 4

An organizational policy requiring that all buffers have error handling to prevent buffer overruns is an example of:

Accepted Answer

A) an administrative policy. 
B) a developmental policy. 
C) a security policy. 
D) a user policy. 
A) an administrative policy. 
B) a developmental policy. 
C) a security policy. 
D) a user policy.

Question 5

Which is NOT true about organizational use of instant messaging?

Accepted Answer

A) It may be acceptable for business purposes. 
B) It poses a significant security risk. 
C) It is safe for distribution of private business information. 
D) It should not be used for personal communication. 
A) It may be acceptable for business purposes. 
B) It poses a significant security risk. 
C) It is safe for distribution of private business information. 
D) It should not be used for personal communication.

Question 6

Which is NOT an issue that should be covered by administrative policies?

Accepted Answer

A) Desktop configuration 
B) E-mail attachments 
C) Software installation and removal 
D) All should be covered by administrative policies. 
A) Desktop configuration 
B) E-mail attachments 
C) Software installation and removal 
D) All should be covered by administrative policies.

Question 7

Which is true about user security policies?

Accepted Answer

A) Employees must sign a statement of acknowledgement that they understand them for policies to be effective 
B) Policies must be clear and very specific. 
C) Security policies can prevent misuse of computer systems. 
D) There must be penalties for every infraction. 
A) Employees must sign a statement of acknowledgement that they understand them for policies to be effective 
B) Policies must be clear and very specific. 
C) Security policies can prevent misuse of computer systems. 
D) There must be penalties for every infraction.

Question 8

System ____________ policies must define the steps to be taken in providing access for new users and removing access for leaving users.

Accepted Answer

The answer of System ____________ policies must define the steps...

Question 9

The concept of ____________ dictates that a user should have only the access necessary to complete their job and no more.

Accepted Answer

The answer of The concept of ____________ dictates that a...

Question 10

Issues such as Internet access,password sharing,opening of e-mail attachments,and installing software should be controlled by ____________ policies.

Accepted Answer

The answer of Issues such as Internet access,password sharing,opening of...

Question 11

What should NOT be considered in creating a good password?

Accepted Answer

A) Length should be at least six to eight characters to limit brute force attacks. 
B) Passwords should be easy to remember such as pets' or children's names to limit the need to write them down. 
C) Policies should be in place to require minimum length and history of passwords. 
D) Special characters and numbers must be included to limit use of dictionaries and brute force. 
A) Length should be at least six to eight characters to limit brute force attacks. 
B) Passwords should be easy to remember such as pets' or children's names to limit the need to write them down. 
C) Policies should be in place to require minimum length and history of passwords. 
D) Special characters and numbers must be included to limit use of dictionaries and brute force.

Question 12

Copying data,sharing passwords,and surfing the Internet on company time are all examples of ____________ of organizational computer assets.

Accepted Answer

The answer of Copying data,sharing passwords,and surfing the Internet on...

Question 13

Which is NOT a criteria by which an employee should determine an e-mail attachment can be opened?

Accepted Answer

A) It appears to be a legitimate business document. 
B) It does not contain malicious programming. 
C) It was expected,such as a requested document. 
D) If it was not expected,it comes from a known source. 
A) It appears to be a legitimate business document. 
B) It does not contain malicious programming. 
C) It was expected,such as a requested document. 
D) If it was not expected,it comes from a known source.

Question 14

The primary vehicle for virus distribution is ____________.

Accepted Answer

The answer of The primary vehicle for virus distribution is...

Question 15

Password length,password history,and password complexity should be mandated by ____________ policies.

Accepted Answer

The answer of Password length,password history,and password complexity should be...

Question 16

Why does the author state that technology alone is not a panacea for network security problems?

Accepted Answer

A) Advances in technology occur too rapidly for security experts to keep up with them. 
B) Improvements in technology actually create the most security problems. 
C) Technology cannot be effective if people do not follow appropriate procedures. 
D) The author actually does say that technology solves network security problems. 
A) Advances in technology occur too rapidly for security experts to keep up with them. 
B) Improvements in technology actually create the most security problems. 
C) Technology cannot be effective if people do not follow appropriate procedures. 
D) The author actually does say that technology solves network security problems.

Question 17

Upon termination of an employee,____________ access to facilities as well as system access must be immediately terminated.

Accepted Answer

The answer of Upon termination of an employee,____________ access to...

Question 18

Which is NOT a reason why users should have privileges restricted to prevent them from changing their desktop images?

Accepted Answer

A) Downloaded background images may contain malicious software. 
B) Harassment issues might arise if inappropriate images are used. 
C) Management must always control what users see on their desktops. 
D) User privileges to change desktop images can also permit changes that compromise security. 
A) Downloaded background images may contain malicious software. 
B) Harassment issues might arise if inappropriate images are used. 
C) Management must always control what users see on their desktops. 
D) User privileges to change desktop images can also permit changes that compromise security.

Question 19

Which is true about access control policies?

Accepted Answer

A) All resources should be locked down as much as possible to prevent security problems. 
B) Users' needs should be assessed based on the group to which they belong,and they should be given the minimum access needed to perform their job duties. 
C) Each user's needs should be assessed and they should be given the minimum access needed to perform their job duties. 
D) Users should be provided access to all resources they deem necessary for their work. 
A) All resources should be locked down as much as possible to prevent security problems. 
B) Users' needs should be assessed based on the group to which they belong,and they should be given the minimum access needed to perform their job duties. 
C) Each user's needs should be assessed and they should be given the minimum access needed to perform their job duties. 
D) Users should be provided access to all resources they deem necessary for their work.

Question 20

What is the primary reason a change control process is necessary?

Accepted Answer

A) It allows IT security personnel to examine proposed changes for potential security problems before implementation. 
B) It keeps track of changes so that problems can be documented. 
C) It requires changes to be documented before they are made. 
D) It verifies that proposed changes will work before they are implemented. 
A) It allows IT security personnel to examine proposed changes for potential security problems before implementation. 
B) It keeps track of changes so that problems can be documented. 
C) It requires changes to be documented before they are made. 
D) It verifies that proposed changes will work before they are implemented.

System administration policies should be in place for which of the following?

Which is true about system administration policies regarding leaving employees?

Which is NOT an example of a good password policy?

An organizational policy requiring that all buffers have error handling to prevent buffer overruns is an example of:

Which is NOT true about organizational use of instant messaging?

Which is NOT an issue that should be covered by administrative policies?

Which is true about user security policies?

System ____________ policies must define the steps to be taken in providing access for new users and removing access for leaving users.

The concept of ____________ dictates that a user should have only the access necessary to complete their job and no more.

Issues such as Internet access,password sharing,opening of e-mail attachments,and installing software should be controlled by ____________ policies.

What should NOT be considered in creating a good password?

Copying data,sharing passwords,and surfing the Internet on company time are all examples of ____________ of organizational computer assets.

Which is NOT a criteria by which an employee should determine an e-mail attachment can be opened?

The primary vehicle for virus distribution is ____________.

Password length,password history,and password complexity should be mandated by ____________ policies.

Why does the author state that technology alone is not a panacea for network security problems?

Upon termination of an employee,____________ access to facilities as well as system access must be immediately terminated.

Which is NOT a reason why users should have privileges restricted to prevent them from changing their desktop images?

Which is true about access control policies?

What is the primary reason a change control process is necessary?

Introduction to Network Security

Types of Attacks

Fundamentals of Firewalls

Firewall Practical Applications

Intrusion-Detection Systems

Encryption

Virtual Private Networks

Operating System Hardening

Defending Against Virus Attacks

Defending Against Trojan Horses,spyware,and Adware

Assessing a System

Security Standards

Choosing Defense Strategies

Filters

Exam 11: Security Policies

System administration policies should be in place for which of the following?

Which is true about system administration policies regarding leaving employees?

Which is NOT an example of a good password policy?

An organizational policy requiring that all buffers have error handling to prevent buffer overruns is an example of:

Which is NOT true about organizational use of instant messaging?

Which is NOT an issue that should be covered by administrative policies?

Which is true about user security policies?

System ____________ policies must define the steps to be taken in providing access for new users and removing access for leaving users.

The concept of ____________ dictates that a user should have only the access necessary to complete their job and no more.

Issues such as Internet access,password sharing,opening of e-mail attachments,and installing software should be controlled by ____________ policies.

What should NOT be considered in creating a good password?

Copying data,sharing passwords,and surfing the Internet on company time are all examples of ____________ of organizational computer assets.

Which is NOT a criteria by which an employee should determine an e-mail attachment can be opened?

The primary vehicle for virus distribution is ____________.

Password length,password history,and password complexity should be mandated by ____________ policies.

Why does the author state that technology alone is not a panacea for network security problems?

Upon termination of an employee,____________ access to facilities as well as system access must be immediately terminated.

Which is NOT a reason why users should have privileges restricted to prevent them from changing their desktop images?

Which is true about access control policies?

What is the primary reason a change control process is necessary?

Introduction to Network Security

Types of Attacks

Fundamentals of Firewalls

Firewall Practical Applications

Intrusion-Detection Systems

Encryption

Virtual Private Networks

Operating System Hardening

Defending Against Virus Attacks

Defending Against Trojan Horses,spyware,and Adware

Assessing a System

Security Standards

Choosing Defense Strategies

Filters