
QUESTION 1

1. Opening e-mails and unknown e-mail attachments, which can lead to malicious software and codes, is a risk that is
typically found in the:
LAN Domain.

LAN-to-WAN Domain.

User Domain.

Workstation Domain.

10 points
QUESTION 2
1. Implementing content filtering and intrusion detection/intrusion prevention systems at the Internet ingress/egress as
well as disabling system administration rights on user workstations are strategies that can be used for preventing
users from:
downloading and installing unauthorized applications and software onto organization-owned IT assets.

inserting CDs, DVDs, and USB drives with personal data onto organization-owned IT assets.

accessing the Internet and surfing the Web.

clicking on unknown e-mail attachments and files.

10 points
QUESTION 3
1. The entire policy should be as concise and readable as possible, for example, no more than:
one to three sentences.

one to three paragraphs.

two to three pages.

five to ten pages.

10 points
QUESTION 4
1. The policy statement should be as concise and readable as possible, for example, no more than:
one to three sentences.

one to three paragraphs.

two to three pages.

five to ten pages.

10 points
QUESTION 5
1. Security awareness training is designed to mitigate the risks and threats identified in:
all seven domains of a typical IT infrastructure.

the System/Application Domain.


the LAN Domain and the LAN-to-WAN Domain.

the User Domain and the Workstation Domain.

10 points
QUESTION 6
1. Most employees will:
look for the easiest way to do their jobs.

unnecessarily complicate tasks with extra steps.

unintentionally skip valuable steps and tasks.

find less efficient and less economical ways to work.

10 points
QUESTION 7
1. To be sure your security awareness training policy is effective, the policy’s revision, approval, and distribution
should:
be initiated by top management.

remain a secret.

be documented.

be known only to IT personnel.

10 points
QUESTION 8
1. To be sure your security awareness training policy is effective, it should align well with:
the objectives of executive management.

the objectives of the Human Resources Department.

the security awareness training policy of other organizations.

other governing documents in the organization.

10 points
QUESTION 9
1. Dealing with employee apathy toward __________ is a risk that is typically found in the User Domain.
information systems security policy

operating system software vulnerabilities

application software vulnerabilities

using USB drives containing personal data on company computers

10 points
QUESTION 10
1. The purpose of an organization-wide security awareness training policy is to mandate __________ security
awareness training for employees.
technical and advanced

annual and periodic

weekly

basic and economical

10 points
QUESTION 11
1. To be sure your security awareness training policy is effective, it should:
be applicable to all audiences.

speak directly to the target audience.

include technical terms to impress the target audience.

identify the security mistakes made by each member of the target audience.

10 points
QUESTION 12
1. Operating system software vulnerabilities and application software vulnerabilities are risks and threats that are
typically found in the:
LAN Domain.

LAN-to-WAN Domain.

User Domain.

Workstation Domain.

10 points
QUESTION 13
1. Implementing an e-mail filtering and quarantining system that examines embedded URL links inside e-mails and
examines unknown file attachments in e-mails would be a security control to mitigate risks in the:
LAN Domain.

LAN-to-WAN Domain.

User Domain.

Workstation Domain.

10 points
QUESTION 14
1. Which of the following statements is true regarding security awareness training policy after the policy is approved?
It is usually sufficient to simply give a new employee a few minutes to read and sign a policy during
orientation.

Policy understanding sessions can ensure that employees understand the policy’s reasoning and necessity.

Policy understanding sessions should be uniform, not be customized for particular employees.

There is typically no need for repeat sessions to reinforce the security awareness training policy.

10 points
QUESTION 15
1. Employees lacking security awareness training tend to:
create a hazardous work environment for their co-workers.

introduce risks and vulnerabilities into an organization.

use the Internet more frequently and send more e-mail.

make more mistakes and work inefficiently.

10 points
QUESTION 16
1. Your security awareness training policy will directly influence:
how motivated and effective your employees are.

your employees’ Internet usage and how many e-mails they send.

how well your employees value and protect your organization’s security position.

what your employees will do to influence others’ security efforts.

10 points
QUESTION 17
1. Which of the following risks is typically found in the User Domain?
Software vulnerabilities

Humans and human nature

Network vulnerabilities

Unauthorized access to equipment

10 points
QUESTION 18
1. Security awareness training policies should be written in such a way that they:
never need to be reviewed.

never need to be updated.

need regular review and updates.

won’t need frequent updates.

10 points
QUESTION 19
1. The audience for security awareness training is:
only new employees during their orientation.

both new and existing employees.

systems administrators and Help Desk employees.

executive management.

10 points
QUESTION 20
1. To be sure your security awareness training policy is effective, it should state the “__________” with only the
minimal detail, and rely on standards or guidelines for the “__________.”
why; how

how; why

what; why

how; what

User: Bharadwaj Talari
Course: Fall 2019 - Operations Security (ISOL-631-30) (ISOL-631-31) - Combined - Full Term
Test: Lab 5: Assessment Quiz
Started: 10/5/19 3:34 PM
Submitted: 10/5/19 4:05 PM
Due Date: 10/6/19 11:59 PM
Status: Completed
Attempt Score: 140 out of 200 points
Time Elapsed: 31 minutes out of 1 hour
Instructions:

Quiz Instructions
This quiz contains 20 multiple-choice questions. For each question, select the correct answer and click the "Next"
button. When you are ready to submit your answers, click the "Submit all and finish" button.
Results Displayed: Feedback
 Question 1
10 out of 10 points
Opening e-mails and unknown e-mail attachments, which can lead to malicious software and codes, is a risk that
is typically found in the:

 Question 2
10 out of 10 points
Implementing content filtering and intrusion detection/intrusion prevention systems at the Internet ingress/egress
as well as disabling system administration rights on user workstations are strategies that can be used for
preventing users from:

 Question 3
0 out of 10 points
The entire policy should be as concise and readable as possible, for example, no more than:

 Question 4
0 out of 10 points
The policy statement should be as concise and readable as possible, for example, no more than:

 Question 5
10 out of 10 points
Security awareness training is designed to mitigate the risks and threats identified in:

 Question 6
0 out of 10 points
Most employees will:

 Question 7
10 out of 10 points
To be sure your security awareness training policy is effective, the policy’s revision, approval, and distribution
should:

 Question 8
0 out of 10 points
To be sure your security awareness training policy is effective, it should align well with:

 Question 9
0 out of 10 points
Dealing with employee apathy toward __________ is a risk that is typically found in the User Domain.

 Question 10
10 out of 10 points
The purpose of an organization-wide security awareness training policy is to mandate __________ security
awareness training for employees.

 Question 11
10 out of 10 points
To be sure your security awareness training policy is effective, it should:

 Question 12
10 out of 10 points
Operating system software vulnerabilities and application software vulnerabilities are risks and threats that are
typically found in the:

 Question 13
10 out of 10 points
Implementing an e-mail filtering and quarantining system that examines embedded URL links inside e-mails and
examines unknown file attachments in e-mails would be a security control to mitigate risks in the:

 Question 14
10 out of 10 points
Which of the following statements is true regarding security awareness training policy after the policy is
approved?

 Question 15
10 out of 10 points
Employees lacking security awareness training tend to:

 Question 16
10 out of 10 points
Your security awareness training policy will directly influence:

 Question 17
10 out of 10 points
Which of the following risks is typically found in the User Domain?

 Question 18
10 out of 10 points
Security awareness training policies should be written in such a way that they:

 Question 19
10 out of 10 points
The audience for security awareness training is:

 Question 20
0 out of 10 points
To be sure your security awareness training policy is effective, it should state the “__________” with only the
minimal detail, and rely on standards or guidelines for the “__________.”
