6. Which of the following are actions and/or steps that can be taken to avoid leaks and disclosures when handling sensitive data?
- Giving the employees the right tools to get their work done without compromising security
- Understanding what employees need to do to accomplish their jobs
- Giving unrestricted access to the employees handling sensitive data
- Allowing employees to write their passwords on a post-it note
7. When evaluating the services of a vendor company, which of the following can be used to assess their security capabilities? Check all that apply.
- Ask the vendor to complete a questionnaire
- Assume that they’re using industry-standard solutions
- Request full access to the vendor systems to perform an assessment
- Ask them to provide any penetration testing or security assessment reports
8. What is the goal of mandatory IT security training for an organization? Check all that apply.
- To punish employees with poor security practices
- To educate employees on how to stay secure
- To build a culture that prioritizes security
- To avoid the need for a security team
9. Which of the following are necessary in the organization to create a culture that makes security a priority? Select all that apply.
- Reinforce and reward behaviors that boost the security of the organization
- A working environment that encourages people to speak up
- Punish employees every time they engage in poor security practices
- Designated communication channels
10. A long and complex password requirement is designed to protect against _________.
- lazy users
- employees' memory loss
- brute force attacks
- password reuse