quiz 2.docx
School: Lamar University
Course: MISY-532
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 10
Uploaded by minhaj90
1.
Question 1
1.25/1.25
What step can be taken to evaluate the effectiveness of the security measures in place at an organization?
1.
Perform a vulnerability assessment.
2.
Monitor a service level agreement (SLA).
3.
Perform due diligence.
4.
Execute an interconnection security agreement (ISA).
2.
Question 2
1.25/1.25
What five phases should be covered in the incident response policy?
1.
Preparation, detection, containment and eradication, recovery, and follow-up actions
2.
Plan, implement, monitor, evaluate, document, and train
3.
Identification, isolation, destruction, documentation, and training
4.
Preparation, detection, isolation, destruction, and documentation
3.
Question 3
1.25/1.25
Which term refers to the step between the account having access and the account being removed from the system?
1.
Account termination
2.
Account recovery
3.
Account disablement
4.
Account expiration
4.
Question 4
1.25/1.25
Which term describes a specialized agreement between organizations that have interconnected IT systems, the purpose of which is to document the security requirements associated with the interconnection?
1.
Business partnership agreement (BPA)
2.
Interconnection security agreement (ISA)
3.
Service level agreement (SLA)
4.
Memorandum of understanding (MOU)
34 Which term refers to the security perimeter, with its several layers of security, along with additional security mechanisms that may be implemented on a system (such as user IDs/passwords)?
5.
Question 5
1.25/1.25
Which document lays out a uniform set of rules associated with partnerships to resolve any partnership terms?
1.
Memorandum of understanding (MOU)
2.
Uniform Partnership Act (UPA)
3.
Interconnection security agreement (ISA)
4.
Service level agreement (SLA)
6.
Question 6
1.25/1.25
A(n) ____________________ policy explains what an organization’s guiding principles will be in guarding personal data to which they are given access.
privacy
7.
Question 7
1.25/1.25
What is a leading cause of account hijacking?
1.
Improper use and/or control over passwords
2.
Ineffective data classification programs
3.
Ineffective service level agreements
4.
A business partnership agreement (BPA)
8.
Question 8
1.25/1.25
Which term describes a legal agreement between partners establishing the terms, conditions, and expectations of the relationship between the partners?
1.
Business partnership agreement (BPA)
2.
Interconnection security agreement (ISA)
3.
Service level agreement (SLA)
4.
Memorandum of understanding (MOU)
9.
Question 9
1.25/1.25
____________________ are mandatory elements regarding the implementation of a policy.
Standards
10.
Question 10
1.25/1.25
____________________ are high-level, broad statements of what the organization wants to accomplish.
Policies
11.
Question 11
1.25/1.25
Which statement explains why vishing is successful?
1.
Vishing is successful because people desire to be helpful.
2.
Vishing is successful because individuals normally seek to avoid confrontation and trouble.
3.
Vishing is successful because of the trust that individuals place in the telephone system.
4.
Vishing is successful because people tend to trash information that might be used in a penetration attempt.
12.
Question 12
1.25/1.25
Which poor security practice is one of the most common and most dangerous?
1.
Choosing poor passwords
2.
Using encrypted signatures
3.
Being too customer-focused
4.
Hiding your employee badge
13.
Question 13
1.25/1.25
Which statement describes how dumpster diving is accomplished?
1.
An attacker directly observes the target entering sensitive information on a form, keypad, or keyboard.
2.
An attacker changes URLs in a server’s domain name table.
3.
An attacker watches what a user discards into the Windows recycle bin on the user’s computer.
4.
An attacker attempts to find little bits of information that could be useful for an attack in a target trash can.
14.
Question 14
1.25/1.25
Which statement describes how reverse social engineering is accomplished?
1.
An attacker attempts to find little bits of information that could be useful for an attack in a target trash can.
2.
An attacker tries to convince the target to initiate contact and then gets the target to give up confidential information.
3.
An attacker uninstalls software on an unsuspecting user’s computer.
4.
An attacker initiates a conversation with the target to obtain confidential information.