IS3230 CHAPTER 7 Flashcards Preview

Flashcards in IS3230 CHAPTER 7 Deck (19):
1

An employee who is angry or dissatisfied, usually with some aspect of their employment, is called ___.

DISGRUNTLED EMPLOYEE

2

The sum of qualities and traits shared by all humans is called ___.

HUMAN NATURE

3

The practice of dividing essential steps of a task between multiple individuals is called ___.

SEPARATION OF DUTIES

4

Any system or network that contains valuable data and has attracted the notice of the hacker is called ___.

TARGET

5

The concept that there must be two authorized individuals available to approve any sensitive activity is called ___.

TWO-PERSON CONTROL

6

1. Generally, hackers are motivated by ___ and ___.

STATUS AND WEALTH

7

2. A target is a system or network that contains valuable data, and has attracted the notice of the hacker.
TRUE OR FALSE

TRUE

8

3. A typical social engineering strategy involves which of the following?
1. Assumed identity
2. Believability
3. Multiple contacts
4. Requests for information
5. 1 and 2 only
6. All the above

Assumed identity
Believability
Multiple contacts
Requests for information

9

4. What element of human nature does a social engineer exploit?
1. Fear
2. Ambition
3. Trust
4. Desire for status
5. Greed

Trust

10

5. An employer can obtain an applicant's driving records as part of a pre-employment background check.
TRUE OR FALSE

TRUE

11

6. An employer can obtain an applicant's medical history and credit reports without special consent of the applicant.
TRUE OR FALSE

FALSE

12

7. Passive-aggressive behavior can be an indicator of a ___ employee.

Disgruntled employee

13

8. Prior to or during an employee termination meeting, which of the following should be locked or changed?
1. The employee's workstation and network accounts
2. The employee's email account(s)
3. Passwords for online accounts accessible to the employee
4. The employee's accounts on databases and file servers
5. All the above

1. The employee's workstation and network accounts
2. The employee's email account(s)
3. Passwords for online accounts accessible to the employee
4. The employee's accounts on databases and file servers

ALL THE ABOVE

14

9. Two-way communication is critical to the organizational structure model of access control.
TRUE OR FALSE

TRUE

15

10. Which of the following can help uncover dishonesty, such as fraud or theft, in the workplace? (Select two)
1. Mandatory vacation
2. Pre-employment checks
3. Job rotation
4. Ethics training
5. All the above

Mandatory vacation
Job rotation

16

11. ___ is designed to eliminate the opportunity for theft, fraud, or other harmful activity.

Two person control

17

12. Access owners are responsible for maintaining a list of authorized users.
TRUE OR FALSE

TRUE

18

13. Informing employees of security and acceptable use policies during orientation is sufficient training.
TRUE OR FALSE

FALSE

19

14. Human resources should be an integral part of enforcing security policy.
TRUE OR FALSE

TRUE