Security Pro Chapter 1-3

0 [{"id":437021,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-18 14:16:46","updated_at":"2018-05-13 22:06:06","questionName":"Match the employment process on the left with the task that should occur during each process on\r\nthe right. Each process may be used once, more than once, or not at all.","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":27,"explanation":"During the pre-employment process, you need to determine whether an individual is a valid\r\nsecurity risk by performing tasks such as the following:\r\n-Verify the prospective employee's job history\r\n-Obtain a credit history (if appropriate)\r\nDuring the employment phase, you need to ensure employees are made aware of security issues.\r\nSome of the measures you can implement include the following:\r\n\u2022 Make employees aware of the standards, procedures, and baselines that apply to the\r\nemployee's specific job. This is referred to as role-based training .\r\n\u2022 Make employees aware of what constitutes sensitive information and steps that should be\r\ntaken to protect it.\r\nThe termination process identifies the tasks an organization takes when an employee voluntarily or\r\ninvoluntarily leaves the organization. 
Be sure to complete the following:\r\n\u2022 Remind the employee of any agreements related to non-disclosure and non-compete.\r\n\u2022 Disable the employee's accounts, including physical access, electronic access, and telephone\r\naccess.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435488,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:04:33","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following threat actors seeks to defame, shed light on, or cripple an organization or government?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":29,"explanation":"A hacktivist is any individual whose attacks are politically motivated. Instead of seeking financial gain, hacktivists want to defame, shed light on, or cripple an organization or government. Often times, hacktivists work alone. Occasionally, they create unified groups with like-minded hackers. For example, the website wikileaks.org is a repository of leaked government secrets, some of which have been obtain by hacktivists. Script kiddies are usually motivated by the chance to impress their friends or garner attention in the hacking community. Insider threat actors can be motivated by negative feelings toward their employer, bribes from a competitor, or personal financial gain. Competitors could be motivated by financial gain, competitor defamation, or stealing industry secrets. There are two primary motives for nation state attacks: Seeking to obtain sensitive information, such as government secrets. 
-Seeking to cripple the target's network or infrastructure.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":436751,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 02:36:54","updated_at":"2018-05-13 22:06:06","questionName":"As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":16,"explanation":"It is essential to collect and destroy all old plan copies as a new version of a plan is rolled out. Senior management approval should have been obtained before releasing a new version of the plan. New awareness sessions are usually not required as the major concepts and ideas of the plan remain constant; it is only the details that need periodic updates. New awareness is necessary only when the plan significantly changes or when a significant length of time has elapsed since the last time employees went through awareness. Roles and responsibilities do not need to be redefined due to a new plan version, just updated.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437015,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:12:06","updated_at":"2018-05-13 22:06:06","questionName":"When you inform an employee that they are being terminated, what is the most important\r\nactivity?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":23,"explanation":"When an employee is terminated, their network access should be disabled immediately. Often, an\r\nemployee is taken into an exit interview, where they are informed of the termination and asked to\r\nreview their NDA and other security agreements. 
While the exit interview is occurring, the system\r\nadministrator disables the user's network access and security codes.\r\nReturning personal items is the least important task when removing an employee. Terminated\r\nemployees should not be allowed to complete work projects, nor should they be given two week's\r\nnotice. Both of these activities grant the ex-employee the ability to cause damage to your secure\r\nenvironment as a form of retaliation","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435486,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 15:01:51","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is the best definition of the term hacker?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":28,"explanation":"The term hacker is a general term used to describe any individual who uses their technical knowledge to gain unauthorized access to an organization. The following are specific types of hackers, also known as threat actors : \u2022 \u2022 \u2022 A hacktivist is any individual whose attacks are politically motivated. A nation state is the most organized, well-funded, and dangerous type of threat actor. An organized crime threat actor is a group of cybercriminals whose main goal is financial gain. \u2022 A script kiddie is a threat actor who lacks skills and sophistication but wants to impress their friends or garner attention. 
Script kiddies carry out an attack by using scripts or programs written by more advanced hackers.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435480,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 14:57:57","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is not a valid concept to associate with integrity?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":24,"explanation":"To control access to resources and prevent unwanted access is to protect of confidentiality, not integrity. Integrity concepts include preventing unauthorized change, ensuring that your data is a true reflection of reality (meaning that it recording real information), and maintaining the highest source of truth.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437011,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:09:47","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is not a protection against collusion?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":20,"explanation":"Cross-training is not a protection against collusion because it trains each user to perform many job\r\nroles. This makes it possible for a single user to perform fraud and abuse or convince someone else\r\nto collude.\r\nSeparation of duties, two-man control, and principle of least privilege are all protections against\r\ncollusion because they make it difficult for a single person to commit a crime by locking down\r\nprivileges and access. 
Therefore, attempts to involve multiple people in such an environment are\r\neasily detected (in other words, these mechanisms serve as a prevention against collusion).","question_score_id":null,"lang":"","questionAudioPath":null},{"id":435476,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-16 14:56:42","updated_at":"2018-05-13 22:06:06","questionName":"By definition, which security concept uses the ability to prove that a sender sent an encrypted message?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":21,"explanation":"The ability to prove that a sender sent a message is known as non-repudiation . By various mechanisms in different cryptographic solutions, you can prove that only the sender is able to initiate a communication. Therefore, the sender cannot repute that they originated a message. Integrity is protection against alteration. Authentication is the assignment of access privileges to users. Privacy is the protection and confidentiality of personal information.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":437013,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:10:54","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is not an element of the termination process?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":22,"explanation":"Employee termination does not dissolve the NDA (nondisclosure agreement). The exit interview\r\nshould remind and re-enforce that the NDA is in effect even after their employment has ended.\r\nTermination should trigger the disabling of all network access. 
In addition, all company property\r\n(such as keys, badges, phones, and computers) should be returned.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437008,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:07:29","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following is a legal contract between the organization and the employee that specifies\r\nthe employee is not to disclose the organization's confidential information?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":18,"explanation":"A non-disclosure agreement is a legal contract between the organization and the employee that\r\nspecifies that the employee is not to disclose the organization's confidential information.\r\nThe non-compete agreement prohibits an employee from working for a competing organization for\r\na specified time after the employee leaves the organization. The acceptable use agreement\r\nidentifies the employee's rights to use company property, such as internet access and computer\r\nequipment, for personal use. The employee monitoring agreement outlines the organization's\r\nmonitoring activities.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437017,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:13:25","updated_at":"2018-05-13 22:06:06","questionName":"The best way to initiate solid administrative control over an organization's employees is to have\r\nwhat element in place?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":25,"explanation":"Distinct job descriptions are the foundation of solid administrative control. 
With written job\r\ndescriptions, all security needs for each employee are defined and prescribed.\r\nAn acceptable use policy is important, but it is nearly useless unless it clearly definition what\r\nemployees should do and are held responsible for base upon the employed position. Rotation of\r\nduties is only possible if there are distinct job descriptions. Mandatory vacations are only effective if\r\ndistinct job descriptions exist to define what is to be reviewed and audited in the employee's\r\nabsence.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":436752,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 02:38:06","updated_at":"2018-05-13 22:06:06","questionName":"You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":17,"explanation":"In a tabletop exercise, a small number of individuals get together and test just one part of the BCP by working through a simple scenario. A medium exercise involves a large number of individuals that test many parts of the BCP. A complex exercise involves a very large number of individuals and a very realistic scenario. Succession planning is a process for identifying and developing internal personnel with the potential to fill key positions.","question_score_id":null,"lang":null,"questionAudioPath":null},{"id":435485,"quiz_id":"22204","answer_id":null,"answerType_id":"2","created_at":"2018-04-16 15:00:31","updated_at":"2018-05-14 01:44:02","questionName":"Match the general attack strategy on the left with the appropriate description on the right. 
","questionTimeSeconds":"0","questionTimeMinutes":"20","questionImagePath":null,"position":26,"explanation":"General attack strategies include the following steps: \u2022 Reconnaissance : the process of gathering information about an organization, including system hardware information, network configuration, and individual user information. \u2022 Breach : the penetration of system defenses. Breaches are achieved using the information gathered during reconnaissance. \u2022 Escalate privileges : one of the primary objectives of an attacker, which can be achieved by configuring additional (escalated) rights to do more than breach the system. \u2022 Staging : preparing a computer to perform additional tasks in the attack, such as installing software designed to attack other systems. \u2022 Exploit : taking advantage of known vulnerabilities in software and systems. Types of exploitation include stealing information, denying services, crashing systems, and modifying\/altering information.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437006,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:06:21","updated_at":"2018-05-13 22:06:06","questionName":"Which of the following defines two-man control?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":15,"explanation":"The principle of two-man control specifies that certain tasks should be dual-custody in nature to\r\nprevent a security breach.\r\nThe principle of least privilege specifies that an employee is granted the minimum privileges\r\nrequired to perform the position's duties. The principle of separation of duties specifies that for any\r\ntask in which vulnerabilities exist, steps within the tasks are assigned to different positions with\r\ndifferent management. 
Collusion is a situation in which multiple employees conspire to commit\r\nfraud or theft.","question_score_id":null,"lang":"","questionAudioPath":null},{"id":437010,"quiz_id":"22204","answer_id":null,"answerType_id":"0","created_at":"2018-04-18 14:08:46","updated_at":"2018-05-13 22:06:06","questionName":"Your company security policy requires separation of duties for all network security matters. Which\r\nof the following scenarios best describes this concept?","questionTimeSeconds":"0","questionTimeMinutes":"2","questionImagePath":null,"position":19,"explanation":"Separation of duties is designed to limit an individual's ability to cause severe damage or conduct\r\nunauthorized acts alone. By limiting the scope of authority and requiring multiple individuals to\r\nfacilitate an action, exposure to malicious activity is greatly reduced. In this scenario, requiring the\r\nsecurity officer to approve and activate all remote access requests is the best example of this\r\nconcept.","question_score_id":null,"lang":"","questionAudioPath":null}]

Match the employment process on the left with the task that should occur during each process on the right. Each process may be used once, more than once, or not at all.

Text matching (click and drag)

Conduct role-based training

Verify an individual's job history

Disable a user's account

Click and drag

Employment

Pre-employment

Termination

