Creating a Company Culture for Security

Latest Submission Grade: 100%

Question 1
What tool can you use to discover vulnerabilities or dangerous misconfigurations on
your systems and network?

Firewalls
Bastion hosts
Vulnerability scanners
Antimalware software

A vulnerability scanner is a tool that will scan a network and systems looking for
vulnerabilities or misconfigurations that represent a security risk.

Question 2
A strong password is a good step towards good security, but what else is
recommended to secure authentication?

Strong encryption
Vulnerability scanning
2-factor authentication
Password rotation

Two-factor authentication, combined with a strong password, significantly increases
the security of your authentication systems.

Question 3
What's a quick and effective way of evaluating a third party's security?

A security assessment questionnaire
A signed contract
A comprehensive penetration testing review
A manual evaluation of all security systems

A security assessment questionnaire would help you understand how well-defended a
third party is, before deciding to do business with them.

Question 4
When handling credit card payments, your organization needs to adhere to the _____.

ISO
HIPAA
PCI DSS
IEEE

When handling credit card payments, your organization needs to adhere to the
Payment Card Industry Data Security Standard (PCI DSS).

Question 5
A company wants to restrict access to sensitive data. Only those who have a "need
to know" will have access to this data. Strong access controls need to be
implemented. Which of these examples, that don't include user identification, are
used for 2-factor authentication? Check all that apply.

U2F token
Common Access Card
Password
Smart card

Question 6
Your company wants to establish good privacy practices in the workplace so that
employee and customer data is properly protected. Well-established and defined
privacy policies are in place, but they also need to be enforced. What are some
ways to enforce these privacy policies? Check all that apply.

Print customer information
Audit access logs
Least privilege
VPN connection

Question 7
Which of these are bad security habits commonly seen amongst employees in the
workplace? Check all that apply.

Leave laptop logged in and unattended
Lock desktop screen
Log out of website session
Password on a post-it note

Question 8
What are some ways to combat email phishing attacks for user passwords?
Check all that apply.

Virtual private network
Cloud email
User education
Spam filters

Question 9
Third-party services that require equipment on-site may require your company to do
which of the following? Check all that apply.

Report any issues discovered from evaluating hardware.
Provide additional monitoring via a firewall or agentless solution.
Provide remote access to third-party service provider.
Evaluate hardware in the lab first.

Question 10
Periodic mandatory security training courses can be given to employees in what way?
Check all that apply.

Interoffice memos
Short video
One-on-one interviews
Brief quiz

Question 11
Once the scope of the incident is determined, the next step would be _____.

documentation
containment
remediation
escalation

Once the scope of the incident is determined, the next step would be containment.
