28. Which of the following devices are considered a risk when storing confidential information? Select all that apply.
- Encrypted portable hard drives
- Limited access file shares
- CD drives
- USB sticks
29. Which of the following are ways to prevent email phishing attacks against user passwords? Select all that apply.
- User education
- Virtual private network
- Cloud email
- Spam filters
30. When contracting services from a third party, what risk is the organization exposed to?
- Zero-day vulnerabilities
- Trusting the third party’s security
- Malware attacks
- DDoS attacks
31. Periodic mandatory security training courses can be given to employees in what way? Select all that apply.
- Brief quiz
- One-on-one interviews
- Interoffice memos
- Short video
32. How can events be reconstructed after an incident?
- By reviewing and analyzing logs
- By interviewing the people involved
- By doing analysis of forensic malware
- By replaying security video footage
33. What is the first step in performing a security risk assessment?
- Logs analysis
- Threat modeling
- Vulnerability scanning
- Penetration testing
34. What is penetration testing?
- Giving network access to a bad actor for the purposes of testing.
- Assessing computers, computer systems, networks, or applications for weaknesses.
- Attempting to break into a system or network for the purpose of verifying the systems in place.
- Attempting to gather credentials with phishing emails.
35. Consider the following scenario:
A co-worker needs to share a sensitive file with you, but it is too large to send via an encrypted email. The co-worker works out of a remote office. You work at headquarters. Which of these options would most likely be approved by the company’s security policies? Select all that apply.
- Upload to company secure cloud storage
- Upload to a personal OneDrive
- Put on a company file server that you both have access to
- Upload to a personal Google Drive
36. Google provides free _____, which is a good starting point when assessing third-party vendors.
- cloud storage
- vendor security assessment questionnaires
- mobile phone services
- business apps
37. What are the first two steps of incident handling and response?
- Incident eradication or removal
- Incident recovery
- Incident detection
- Incident containment
38. When working on a laptop in a public area, always _____ when getting up to use the restroom.
- Ask a coworker to watch the laptop
- Set up a VPN
- Lock the screen
- Ask permission to leave
39. What is a quick way of evaluating a third party's security?
- A comprehensive penetration testing review
- A security assessment questionnaire
- A signed contract
- A manual evaluation of all security systems