ITS 3050 - Security Policies and Auditing
Review for Fourth Test
The following questions are provided to help you study for the fourth
test. Do not expect to see these exact questions on the test.
- What are some of the reasons that cause people to be a major source
of network security problems?
- In terms of social engineering, what is a pretext?
- What skills are needed for social engineering that are different from
the skills required for more classic hacking?
- What are some common user behaviors that social engineers can exploit?
- What is privilege creep, and why would a network admin be concerned
about it?
- What is a contingent ID, and when would it be used?
- Why should an acceptable use policy include or reference a non-compliance
policy?
- What is the principle of least privilege? How does it differ from
the principle of best fit?
- The authors do not suggest a countermeasure for being asked to bypass
security by a higher-ranking executive. What should the technician do
in that case?
- What are some features we would expect to find in baseline standards
for workstations? Which devices would those policies not
apply to?
- What are some examples of devices that LAN policies should apply to?
- What did the text suggest as two locations we might use in classifying
documents?
- If we used a classification scheme that put all important data in
one class, and there is only one other class, what should it be?
- In the National Security Classification scheme, what is sensitive
but unclassified? What is the common theme in the three highest security
levels?
- How is information classified under the scheme above automatically declassified?
- Who is allowed to ask for a mandatory declassification review?
- What is the text's definition of a security incident?
- If your organization has both, what is the difference between an IRT
and an SIRT?
- What is the difference between a security incident and a security
infraction?
- What characteristic of a security incident automatically escalates
the incident to the highest status?
- What are two numeric concepts we might use to measure the scale of
an incident?
- Which operational scope for an SIRT places it at the location of the
incident? Why?
- Which operational scope for an SIRT is used in complex but small environments?
- Under what operational condition should we conduct a Business Impact
Analysis? How does a BIA affect incident response planning?
- When is an incident response procedure used? When do we use a business
continuity plan?
- What is the purpose of a disaster recovery plan?
- When we introduce a new policy, the text recommends that we sell
the idea to management with three parameters. What are they?
- How does the SMART acronym apply to writing a policy?
- Why is it likely that a trained, reliable, well-intentioned worker
might violate a new version of a policy? What do we do about that?
- What are some arguments from the text that support the use of computer-based
training?
- Explain why a pilot group for a new policy can provide at least two
benefits to you.
- Why should we try to make sure that all levels of management will
buy into a new policy?
- What is the purpose of governance committees? How are they usually
organized in an organization?
- What is an exception to the employer's right to monitor the contents
of email that courts have upheld?
- GLBA requires that we report instances of unauthorized access. Who
should we contact for guidance about when it is important enough to
report?
- Does the text's suggestion about interpreting GLBA mean that we do
nothing about lower numbers of inappropriate access?
- Since we can use many automated policies about access, why should
we bother with the manual review policies noted in the text?