CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [249]
a. Electrical power is removed.
b. The cover is removed.
c. The computer’s battery is removed and replaced.
d. The hard drive is changed.
14. Which type of policy should define the use of USB devices?
a. Information retention policy
b. Configuration management policy
c. Change documentation
d. Acceptable use policy
15. You are interested in simplifying security management at your site. The simplest way to manage users is by assigning them to which of the following entities?
a. Groups
b. Pools
c. Units
d. Categories
16. Which of the following hold permissions for users and groups, such as Read-Only, Full Control, or Change?
a. Group policies
b. Access control lists
c. SIDs
d. DNS
17. If you want to carefully govern who can reset the password of a user object, which of the following permissions should you focus on?
a. Logical token
b. Landlord
c. Domain password
d. Change
18. Which of the following are most similar in content to certificates?
a. Password policies
b. Device access policies
c. Datagrams
d. Logical tokens
19. Which of the following allow you to automatically implement restrictions on operating system components?
a. Group policies
b. Access control lists
c. SIDs
d. DNS
20. Which type of policy should define the use of cell phones within an organization?
a. Information retention policy
b. Configuration management policy
c. Change documentation
d. Acceptable use policy
Answers to Review Questions
1. A. All aspects of security in the organization are included in the security management policy, including the policies in options B, C, and D.
2. B. The information classification policy discusses information sensitivity and access to information.
3. B. The configuration management policy is concerned with how systems are configured and what software can be installed on systems.
4. A. Change documentation involves keeping records about how your network or organization changes over time.
5. B. Enforcement of policies, procedures, and standards is essential for effective sustainability of security efforts. The saying “Inspect what you expect” is relevant in this situation.
6. A. The term best practices refers to the essential elements of an effective security management effort.
7. D. Information retention policies dictate what information must be archived and how long those archives must be kept.
8. A. Configuration management policy dictates the configurations and upgrades of systems in an organization.
9. A. The backup policy identifies the methods used to archive electronic and paper file systems. This policy works in conjunction with the information retention and storage policies.
10. C. Network technology and administration would not be covered in a user security-awareness program. Issues of policy, responsibilities, and importance of security would be key aspects of this program.
11. A .Managers would derive the most benefit from a high-level explanation of security threats and issues. Users need to know how to follow the policies and why they are important. Developers and network administrators need specific and focused information on how to better secure networks and applications.
12. B. The only way to guarantee that data and applications on a disk drive are unreadable is to perform a low-level initialization of the storage media, thereby setting every storage location into a newly initialized state. This process is also referred to as disk wiping.
13. C. The removal and replacement of the computer battery will often cause the loss of values stored in the BIOS.
14. D. The acceptable use policy should clearly define the use of USB devices within an organization.
15. A. Users should be placed in groups and managed by membership in those groups.
16. B. Access control lists (ACLs) hold permissions for users and groups.
17. C. The domain password permission identifies who