cybersecurity 10

A security policy is a document that defines how an organization deals with some aspect of security.

true

Passwords are an area of user policies.

true

A good password should have at least eight characters and use all lowercase letters.

false

An organization should not permit end users to install anything on their computer.

true

After an employee discontinues employment, his or her workstation hard drive should be searched.

true

Principal of least privilege means that no one person can perform critical tasks.

false

One reason allowing a user to change the desktop configuration poses a security problem is that to change a desktop the user must also be given rights to change other system settings.

true

You cannot disable some USB devices from end-user computers and allow others

false

Standards are specific instructions on how to handle a specific issue.

false

Security policies toward programmers and web developers are developmental policies.

true

A document that defines how an organization deals with some aspect of security is a(n) __________.

Security policy

Password guidelines, Internet use, how to handle email attachments, and software installation processes are areas of ______.

User policies

The plan to return a business to full normal operations is ____________

DRP

__________ is the most obvious reason for organizations to provide their users with Internet access.

Email

Which of the following is an activity that falls into a gray area and might be acceptable Internet use in some organizations but not others?

Online shopping during a break time

Which of the following should NOT be a part of an organization’s policy regarding email attachments?

None of the above

Use for business communications only and the disallowing of the transmission of confidential business information are recommended guidelines for _______

Instant messaging

The background, screensaver, font size, and resolution are elements of _______.

Desktop configuration

Procedures for adding users, removing users, and dealing with security issues are examples of ___________ policies.

System administration

New employees should receive a copy of the company’s __________ policies.

Security/acceptable use

When an employee leaves, all _______ should be terminated.

Logins

If you determine a virus has struck a system, the first step is to _________.

Unplug the machines from the network

If you experience a denial-of-service attack, you can use firewall logs to determine the _______ from which the attack originated.

IP address

The conflict between the users’ goal for unfettered access to data and the security administrator’s goal to protect that data is an issue of ______________.

Access control

The principal that users have access to only network resources when an administrator explicitly grants them is called ___________.

Implicit deny