Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. Which policy details what users may do with their network access?

?   A. Privacy

?   B. Acceptable Use

?   C. Storage and Retention

?   D. Secure Disposal

2. When preparing to securely dispose of a hard drive, what is the term for reducing the magnetic flux density of the media to zero?

?   A. Declassification

?   B. Destruction

?   C. Degaussing

?   D. Overwriting

3. The policy preventing too much power leading to corruption is called the __________________ policy.

?   A. Account Provisioning

?   B. Least Privilege

?   C. Separation of Duties

?   D. Acceptable Use

Cram Quiz Answers

1. B. The Acceptable Use policy details what users may do with their network access, which generally excludes illegal acts and actions that cost the organization money or public favor. Answer A is incorrect as the Privacy policy covers PII protection requirements and practices. Both C and D deal with information storage and storage device disposal so are not related to network access use.

2. C. Degaussing involves exposing the media to a powerful electromagnetic device, erasing all magnetic variation within the media. Answer A is incorrect because declassification is a formal process for assessing the risk involved with discarding information, rather than media sanitization itself. Answer B is incorrect because destruction involves physical destruction of the storage device rather than only magnetic degaussing. Answer D is incorrect because overwriting involves the sequential writing of 1s and 0s to mask previously stored data and does not reduce all magnetic flux in the media to zero.

3. C. The separation of duties policy ensures that a single individual is not responsible for all areas of control and compliance over an organizational function, which ensures that proper checks and balances remain in effect. Answer A is incorrect because the account provisioning policy details new account-creation protocols, and answer B is incorrect because the principle of least privilege ensures only that permissions are only sufficient for job requirements without precluding assignment of both control and compliance functions to the same individual. Answer D is incorrect because the acceptable use policy defines only what a user may do with his network access, not what roles he may fulfill.