Creating a Company Culture for Security – Shuffle Q/A 1

28. Which of the following devices are considered a risk when storing confidential information? Select all that apply.

  • Encrypted portable hard drives
  • Limited access file shares
  • CD drives
  • USB sticks

29. Which of the following are ways to prevent email phishing attacks against user passwords? Select all that apply.

  • User education
  • Virtual private network
  • Cloud email
  • Spam filters

30. When contracting services from a third party, what risk is the organization exposed to?

  • Zero-day vulnerabilities
  • Trusting the third party’s security
  • Malware attacks
  • DDoS attacks

31. Periodic mandatory security training courses can be given to employees in what way? Select all that apply.

  • Brief quiz
  • One-on-one interviews
  • Interoffice memos
  • Short video

32. How can events be reconstructed after an incident?

  • By reviewing and analyzing logs
  • By interviewing the people involved
  • By doing analysis of forensic malware
  • By replaying security video footage

33. What is the first step in performing a security risk assessment?

  • Logs analysis
  • Threat modeling
  • Vulnerability scanning
  • Penetration testing

34. What is penetration testing?

  • Giving network access to a bad actor for the purposes of testing.
  • Assessing computers, computer systems, networks, or applications for weaknesses.
  • Attempting to break into a system or network for the purpose of verifying the systems in place.
  • Attempting to gather credentials with phishing emails.

35. Consider the following scenario:

A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company’s security policies? Select all that apply.

  • Upload to company secure cloud storage
  • Upload to a personal OneDrive
  • Put on a company file server that you both have access to
  • Upload to a personal Google Drive

36. Google provides free _____, which is a good starting point when assessing third-party vendors.

  • cloud storage
  • vendor security assessment questionnaires
  • mobile phone services
  • business apps

37. What are the first two steps of incident handling and response?

  • Incident eradication or removal
  • Incident recovery
  • Incident detection
  • Incident containment

Shuffle Q/A 2

38. When working on a laptop in a public area, always _____ when getting up to use the restroom.

  • Ask a coworker to watch the laptop
  • Set up a VPN
  • Lock the screen
  • Ask permission to leave

39. What is a quick way of evaluating a third party's security?

  • A comprehensive penetration testing review
  • A security assessment questionnaire
  • A signed contract
  • A manual evaluation of all security systems

Devendra Kumar

Project Management Apprentice at Google
