Read this whole guide offline with no ads, for a low price!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Test yourself better with 300 extra Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)

Previous Topic/Section
5.4.2  Incident Response Policy
Previous Page
Pages in Current Topic/Section
1
2
Next Page
5.5  Privilege Management
Next Topic/Section

Pop Quiz 5.1
(Page 2 of 2)



Answers

1. What should you do to the user accounts as soon as employment is terminated?

Disable the user accounts and have the data kept for a specified period of time.

Explanation: A record of user logins with time and date stamps must be kept to ensure that any unauthorized access that occurs can be detected (although possibly after the fact). User accounts shall be disabled and data kept for a specified period of time as soon as employment is terminated.

 

2. A type of attack that could be the most successful when the security technology is properly implemented and configured is social engineering .

Explanation: Social Engineering attacks - In computer security systems, this type of attack is usually the most successful, especially when the security technology is properly implemented and configured. Usually, these attacks rely on the faults in human beings. An example of a social engineering attack has a hacker impersonating a network service technician. The serviceman approaches a low-level employee and requests their password for network servicing purposes.

 

3. In order to avoid mishandling of media or information, you should consider using labeling .

Explanation: In order to avoid mishandling of media or information, proper labeling must be used.

  • All tape, floppy disks, and other computer storage media containing sensitive information must be externally marked with the appropriate sensitivity classification.

  • All tape, floppy disks, and other computer storage media containing unrestricted information must be externally marked as such.

  • All printed copies, printouts, etc., from a computer system must be clearly labeled with the proper classification.

Labeling is a physical measure which can prevent accidental misuse of media which could occur if the media does not contain specific indications of its nature.

 

4. A counter measure to data aggregation is separation of duties .

Explanation: Data Aggregation occurs when smaller pieces of information are assembled together to provide the "big picture". The risk is that through data collection techniques, a person who is authorized to have some of much of the information may be able to discern more than what they should from the information. A good countermeasure is to maintain strong separation of duties and a "need to know" approach. Job rotation can be beneficial.

 

5. A high-level statement belief, goals and objectives and the general means for their attainment for a specific subject area is called a policy .

Explanation: A Policy is a high-level statement belief, goal and objective with the general means for the attainment of a specific subject area. A Procedure spells out the specific steps of how the policy and supporting standards and how guidelines will be implemented. A procedure is a description of tasks that must be executed in a specific order. A Standard is a mandatory activity, action, rule or regulation designed to provide policies with the support structure and specific direction they require to be effective. They are often expensive to administer and therefore should be used judiciously. A Guideline is a more general statement of how to achieve the policies objectives by providing a framework within which to implement procedures. Where standards are mandatory, guidelines are recommendations.


Previous Topic/Section
5.4.2  Incident Response Policy
Previous Page
Pages in Current Topic/Section
1
2
Next Page
5.5  Privilege Management
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.