Bharadwaj Lab 5 Week 6 Operation Security
QUESTION 1
1. Opening e-mails and unknown e-mail attachments, which can lead to malicious software and codes, is a risk that is
typically found in the:
LAN Domain.
LAN-to-WAN Domain.
User Domain.
Workstation Domain.
10 points
QUESTION 2
1. Implementing content filtering and intrusion detection/intrusion prevention systems at the Internet ingress/egress as
well as disabling system administration rights on user workstations are strategies that can be used for preventing
users from:
downloading and installing unauthorized applications and software onto organization-owned IT assets.
inserting CDs, DVDs, and USB drives with personal data onto organization-owned IT assets.
10 points
QUESTION 3
1. The entire policy should be as concise and readable as possible, for example, no more than:
one to three sentences.
10 points
QUESTION 4
1. The policy statement should be as concise and readable as possible, for example, no more than:
one to three sentences.
10 points
QUESTION 5
1. Security awareness training is designed to mitigate the risks and threats identified in:
all seven domains of a typical IT infrastructure.
10 points
QUESTION 6
1. Most employees will:
look for the easiest way to do their jobs.
10 points
QUESTION 7
1. To be sure your security awareness training policy is effective, the policy’s revision, approval, and distribution
should:
be initiated by top management.
remain a secret.
be documented.
10 points
QUESTION 8
1. To be sure your security awareness training policy is effective, it should align well with:
the objectives of executive management.
10 points
QUESTION 9
1. Dealing with employee apathy toward __________ is a risk that is typically found in the User Domain.
information systems security policy
10 points
QUESTION 10
1. The purpose of an organization-wide security awareness training policy is to mandate __________ security
awareness training for employees.
technical and advanced
weekly
10 points
QUESTION 11
1. To be sure your security awareness training policy is effective, it should:
be applicable to all audiences.
identify the security mistakes made by each member of the target audience.
10 points
QUESTION 12
1. Operating system software vulnerabilities and application software vulnerabilities are risks and threats that are
typically found in the:
LAN Domain.
LAN-to-WAN Domain.
User Domain.
Workstation Domain.
10 points
QUESTION 13
1. Implementing an e-mail filtering and quarantining system that examines embedded URL links inside e-mails and
examines unknown file attachments in e-mails would be a security control to mitigate risks in the:
LAN Domain.
LAN-to-WAN Domain.
User Domain.
Workstation Domain.
10 points
QUESTION 14
1. Which of the following statements is true regarding security awareness training policy after the policy is approved?
It is usually sufficient to simply give a new employee a few minutes to read and sign a policy during
orientation.
Policy understanding sessions can ensure that employees understand the policy’s reasoning and necessity.
Policy understanding sessions should be uniform, not be customized for particular employees.
There is typically no need for repeat sessions to reinforce the security awareness training policy.
10 points
QUESTION 15
1. Employees lacking security awareness training tend to:
create a hazardous work environment for their co-workers.
10 points
QUESTION 16
1. Your security awareness training policy will directly influence:
how motivated and effective your employees are.
your employees' Internet usage and how many e-mails they send.
how well your employees value and protect your organization’s security position.
10 points
QUESTION 17
1. Which of the following risks is typically found in the User Domain?
Software vulnerabilities
Network vulnerabilities
10 points
QUESTION 18
1. Security awareness training policies should be written in such a way that they:
never need to be reviewed.
10 points
QUESTION 19
1. The audience for security awareness training is:
only new employees during their orientation.
executive management.
10 points
QUESTION 20
1. To be sure your security awareness training policy is effective, it should state the “__________” with only the
minimal detail, and rely on standards or guidelines for the “__________.”
why; how
how; why
what; why
how; what
User: Bharadwaj Talari
Course: Fall 2019 - Operations Security (ISOL-631-30) (ISOL-631-31) - Combined - Full Term
Test: Lab 5: Assessment Quiz
Started: 10/5/19 3:34 PM
Submitted: 10/5/19 4:05 PM
Due Date: 10/6/19 11:59 PM
Status: Completed
Attempt Score: 140 out of 200 points
Time Elapsed: 31 minutes out of 1 hour
Instructions: Quiz Instructions
This quiz contains 20 multiple-choice questions. For each question, select the correct answer and click the "Next"
button. When you are ready to submit your answers, click the "Submit all and finish" button.
Results Displayed: Feedback
Question 1
10 out of 10 points
Opening e-mails and unknown e-mail attachments, which can lead to malicious software and codes, is a risk that
is typically found in the:
Question 2
10 out of 10 points
Implementing content filtering and intrusion detection/intrusion prevention systems at the Internet ingress/egress
as well as disabling system administration rights on user workstations are strategies that can be used for
preventing users from:
Question 3
0 out of 10 points
The entire policy should be as concise and readable as possible, for example, no more than:
Question 4
0 out of 10 points
The policy statement should be as concise and readable as possible, for example, no more than:
Question 5
10 out of 10 points
Security awareness training is designed to mitigate the risks and threats identified in:
Question 6
0 out of 10 points
Most employees will:
Question 7
10 out of 10 points
To be sure your security awareness training policy is effective, the policy’s revision, approval, and distribution
should:
Question 8
0 out of 10 points
To be sure your security awareness training policy is effective, it should align well with:
Question 9
0 out of 10 points
Dealing with employee apathy toward __________ is a risk that is typically found in the User Domain.
Question 10
10 out of 10 points
The purpose of an organization-wide security awareness training policy is to mandate __________ security
awareness training for employees.
Question 11
10 out of 10 points
To be sure your security awareness training policy is effective, it should:
Question 12
10 out of 10 points
Operating system software vulnerabilities and application software vulnerabilities are risks and threats that are
typically found in the:
Question 13
10 out of 10 points
Implementing an e-mail filtering and quarantining system that examines embedded URL links inside e-mails and
examines unknown file attachments in e-mails would be a security control to mitigate risks in the:
Question 14
10 out of 10 points
Which of the following statements is true regarding security awareness training policy after the policy is
approved?
Question 15
10 out of 10 points
Employees lacking security awareness training tend to:
Question 16
10 out of 10 points
Your security awareness training policy will directly influence:
Question 17
10 out of 10 points
Which of the following risks is typically found in the User Domain?
Question 18
10 out of 10 points
Security awareness training policies should be written in such a way that they:
Question 19
10 out of 10 points
The audience for security awareness training is:
Question 20
0 out of 10 points
To be sure your security awareness training policy is effective, it should state the “__________” with only the
minimal detail, and rely on standards or guidelines for the “__________.”