Info Security Ch 5 & 6 – Flashcards
question
On your way into the back entrance of the building at work one morning, a man dressed as a plumber asks you to let him in so he can "fix the restroom". What should you do?
answer
Direct him to the front entrance and instruct him to check in with the receptionist.
question
Which of the following are solutions that address physical security? (Select two)
answer
Require identification and name badges for all employees. Escort visitors at all times.
question
Which of the following can be used to stop piggybacking that has been occurring at a front entrance where employees should swipe their smart cards to gain entry?
answer
Deploy a mantrap
question
What is a secure doorway that can be used in coordination with a mantrap to allow easy egress from a secured environment but which actively prevents re-entrance through the exit portal?
answer
Turnstiles
question
You want to use CCTV to increase your physical security. You want to be able to remotely control the camera position. Which camera type should you choose?
answer
PTZ (Pan Tilt Zoom)
question
You want to use CCTV to increase the physical security of your building. Which of the following camera types would offer the sharpest image at the greatest distance under the lowest lighting conditions?
answer
500 resolution, 50mm, .05 LUX
question
Which of the following CCTV camera types lets you adjust the distance that the camera can see (i.e. zoom in or out)?
answer
Varifocal
question
Which of the following CCTV types would you use in areas with little or no light?
answer
Infrared
question
Which of the following allows for easy exit of an area in the event of an emergency, but prevents entry? (Select two)
answer
Double-entry door. Turnstile.
question
Which of the following controls is an example of a physical access control method?
answer
Locks on doors
question
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement cable locks to prevent theft of computer equipment. Click on the office location where cable locks would be most appropriate.
answer
At the lobby
question
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement mantraps to prevent this from happening in the future. Click on the office location where a mantrap would be most appropriate.
answer
At the lobby
question
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you provide employees with access badges and implement access badge readers to prevent this from happening in the future. Click on the office location where a mantrap would be most appropriate.
answer
Building entrance in the lobby. Sensitive areas such as the server room.
question
You are the security administrator for a small business. The floor plan for your organization is shown in the figure below. You've hired a 3rd-party security consultant to review your organization's security measures and she has discovered multiple instances where unauthorized individuals have gained access to your facility, even to very sensitive areas. She recommends that you implement closed-circuit TV (CCTV) surveillance cameras to prevent this from happening in the future. Click on the office location where a mantrap would be most appropriate.
answer
Building entrance. Sensitive areas such as the server room.
question
Hardened carrier. Biometric authentication. Barricades. Emergency escape plans. Alarmed carrier. Anti-passback system. Emergency lighting. Exterior floodlights.
answer
Protected cable distribution. Door locks. Perimeter barrier. Safety. Protected cable distribution. Physical access control. Safety. Perimeter barrier.
question
Which of the following is the most important thing to do to prevent console access to the router?
answer
Keep the router in a locked room
question
You have 5 salesmen who work out of your office and who frequently leave their laptops lying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
answer
Use cable locks to chain the laptops to the desks
question
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: -When you enter the facility, a receptionist greets you and directs you down the hallway to the office manager's cubicle. The receptionist uses a notebook system that is secured to her desk with a cable lock. -The office manager informs you that the organization's servers are kept in a locked closet. Only she has the key to the closet. When you arrive on site, you will be required to get the key from her to access the closet. -She informs you that the server backups are configured to run each night. A rotation of external USB hard disks is used as the backup media. -You notice the organization's network switch is kept in an empty cubicle adjacent to the office manager's workspace. -You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. Which security-related recommendations should you make to this client? (Select two)
answer
Control access to the work area with locking doors and card readers. Relocate the switch to the locked server closet.
question
You are an IT consultant and are visiting a new client's site to become familiar with their network. As you walk around their facility, you note the following: -When you enter the facility, a receptionist greets you and escorts you through a locked door to the work area where the office manager sits. -The office manager informs you that the organization's servers are kept in a locked closet. An access card is required to enter the server closet. -She informs you that the server backups are configured to run each night. A rotation of tapes is used as the backup media. -You notice the organization's network switch is kept in the server closet. -You notice that a router/firewall/content filter all-in-one device has been implemented in the server closet to protect the internal network from external attacks. -The office manager informs you that her desktop system will no longer boot and asks you to repair or replace it, recovering as much data as possible in the process. You carry the workstation out to your car and bring it back to your office to work on it. Which security-related recommendations should you make to this client? (Select two)
answer
Implement a hardware checkout policy
question
You walk by the server room and notice a fire has started. What should you do first?
answer
Make sure everyone has cleared the area
question
Which of the following fire extinguisher types is best used for electrical fires that might result when working with computer components?
answer
Class C
question
Which of the following fire extinguisher suppressant types is best used for electrical fires that might result when working with computer components?
answer
Carbon dioxide (CO2)
question
Which of the following fire extinguisher types poses a safety risk to users in the area? (Select two)
answer
Halon. CO2.
question
Users are complaining that sometimes network communications are slow. You use a protocol analyzer and find that packets are being corrupted as they pass through a switch. You also notice that this only seems to happen when the elevator is running. What should you do?
answer
Install shielded cables near the elevator
question
What is the recommended humidity level for server rooms?
answer
50%
question
Components within your server room are failing at a rapid pace. You discover that the humidity in the server room is at 60% and the temperature is at 80 degrees. What should you do?
answer
Add a separate A/C unit in the server room
question
You maintain the network for an industrial manufacturing company. You are concerned about the dust in the area getting into the server components and affecting the ability of the network. Which of the following should you implement?
answer
Positive pressure system
question
Which of the following statements about ESD is not correct?
answer
ESD is much more likely to occur when the relative humidity is above 50%
question
Which of the following is the least effective power loss protection for computer systems?
answer
Surge protector
question
Besides protecting a computer from under voltages, a typical UPS also performs which 2 actions:
answer
Protects from over voltages. Conditions the power signal.
question
A smart phone was lost at the airport. There is no way to recover the device. Which of the following will ensure data confidentiality on the device?
answer
Remote Wipe
question
Which of the following are not reasons to remote wipe a mobile device?
answer
When the device is inactive for a period of time
question
Which of the following mobile device security considerations will disable the ability to use the device after a short period of inactivity?
answer
Screen lock
question
Most mobile device management (MDM) systems can be configured to track the physical location of enrolled mobile devices. Arrange the location technology on the left in order of accuracy on the right, from most accurate to least accurate.
answer
Most accurate: GPS. More accurate: Wi-Fi triangulation. Less accurate: cell phone tower triangulation. Least accurate: IP address resolution.
question
Your organization has recently purchased 20 tablet devices for the Human Resources department to use for training sessions. You are concerned that these devices could represent a security risk to your network and want to strengthen their security profile as much as possible. Which actions should you take? (Select 2)
answer
Implement storage implementation. Enable service device encryption.
question
Over the last several years, the use of mobile devices within your organization has increased dramatically. Unfortunately, many department heads circumvented your Information Systems procurement policies and directly purchased tablets and smartphones for their employees without authorization. As a result there is a proliferation of devices within your organization without accountability. You need to get things under control and begin tracking the devices that are owned by your organization. How should you do this?
answer
Implement a mobile device management (MDM) solution
question
Match each bring your own device (BYOD) security issue on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.
answer
Preventing malware infections: Implement a network access control (NAC) solution. Supporting mobile device users: Specify who users can call for help with mobile device apps in your acceptable use policy. Preventing loss of control of sensitive data: Enroll devices in a mobile device management. Preventing malicious insider attacks: Specify where and when mobile devices can be possessed in your acceptable use policy. Applying the latest anti-malware definitions: Implement a network access control (NAC) solution.
question
Match each bring your own device (BYOD) security concern on the right with a possible remedy on the left. Each remedy may be used once, more than once, or not at all.
answer
Users take pictures of proprietary processes and procedures: Specify where and when mobile devices can be possessed in your acceptable use policy. Devices with a data plan can e-mail stolen data: Specify where and when mobile devices can be possessed in your