DETAILED ANSWERS|LATEST
PASS
A company's IT policy manual states that "All company computers, workstations, application servers, and mobile devices must have current versions of antivirus software."
Which principle or concept of cybersecurity does this policy statement impact? - ANSWER Operating system security
An organization's procedures document states that "All electronic communications should be encrypted during transmission across networks using encryption standards specified in the data encryption policy."
Which security principle is this policy addressing? - ANSWER Confidentiality
A company's website policy states that "To gain access to the corporate website, each employee must provide a valid user name and password, and then answer one of six security questions accurately."
Which type of security does the policy address? - ANSWER Operations
An organization notices unauthorized visitors following employees through a restricted doorway.
Which vulnerability should be addressed in the organization's security policy? - ANSWER Tailgating
A company wants to update its access control policy. The company wants to prevent hourly employees from logging in to company computers after business hours.
Which type of access control policy should be implemented? - ANSWER Attribute-based
A new software development company has determined that one of its proprietary algorithms is at a high risk for unauthorized disclosure. The company's security up to this point has been fairly lax.
Which procedure should the company implement to protect this asset? - ANSWER Relocate the algorithm to encrypted storage.
An accounting firm stores financial data for many customers. The company policy requires that employees only access data for customers they are assigned to. The company implements a written policy indicating an employee can be fired for violating this requirement.
Which type of control has the company implemented? - ANSWER Deterrent
How can an operating system be hardened in accordance with the principle of least privilege? - ANSWER Restrict account permissions.
A company implements an Internet-facing web server for its sales force to review product information. The sales force can also update its profiles and profile photos, but not the product information. There is no other information on this server.
Which content access permissions should be granted to the sales force based on the principle of least privilege? - ANSWER Read and limited write access