Category: Uncategorized

Within the User Domain of a typical IT infrastructure is a range of user types. Each type has specific and distinct access needs. Which of the following types of users are external to the organization, provide services to the organization, and are not directly managed by the organization?

True or False? System administrators are typically responsible for audit coordination and response, physical security and building operations, and disaster recovery and contingency planning.

There are many ways that people can be manipulated to disclose knowledge that can be used to jeopardize security. One of these ways is to call someone under the false pretense of being from the IT department. This is an example of:

True or False? C-level executives, such as CIOs and CEOs, are often the target of social engineering.

True or False? A security awareness policy should inform workers of how to deal with unexpected risk.

True or False? Hacking is attractive because of the ease with which data can be obtained compared with social engineering.

True or False? A best practice is to require all users who access information to use unique credentials that identify who they are.

Imagine a scenario in which an employee feels compelled by management to regularly shirk the organization’s established security policies in favor of convenience. What does this employee’s continued violation suggest about the culture of risk management in the organization?

True or False? System accounts often need elevated privileges to start, stop, and manage system services.

True or False? A privileged-level access agreement (PAA) is designed to heighten the awareness and accountability of users who have administrative rights.