Download Quiz

Workstation
A workstation is any device that allows a user to interact with data. Workstations are how users typically
connect to the IT infrastructure and include desktop computers, laptop computers, and any device that
connects to the network.
1.) Which of the following would not be considered a workstation?
a. Smartphone
b. Fax Machine
c. Router
d. Printer
Physical Security
According to the 2011 Verizon Breach Report, physical attacks account for 10% of all reported data
breaches. In order to prevent physical security breaches strong passwords should be used as well
protecting your workstation monitor from unintended viewing by unauthorized parties.
2.) Fill in the blanks about strong password policy: A strong password should be _____
characters minimum, have at least _____ number character, and should not contain ______.
3.) True or False: You should always lock your computer when you leave, even if you plan to
only be gone for a second.
Often, discarded documents or documents left on copiers, printers, etc. can be a rich source of
information. When documents are no longer needed they should properly be disposed of to prevent
physical security breaches.
4.) Which of the following is the most practical method of destroying an unneeded document?
a. Throwing it in the trash
b. Shredding it
c. Burning it
d. Mixing it with the cafeteria’s Tuesday lunch “surprise”
Malware
Malware, also known as malicious code, refers to a program that is covertly inserted into another
program with the intent to destroy data, run destructive or intrusive programs, or otherwise
compromise the confidentiality, integrity, or availability of the victim’s data, applications, or operating
system.
5.) True or False: Malware is a common external threat to hosts.
6.) Which of the following is NOT a type of malware
a. Virus
b. Worm
c. Spear Phish
d. Trojan Horse
7.) A _______ is a self-replicating, self-contained program that execute itself without user
intervention.
Angela is an average user at the company. Angela often communicates with outside clients to arrange
meetings and sales and so has a highly visible external email address and often receives legitimate but
unexpected inquiry emails from external parties.
8.) Angela receives a document in an email from an unfamiliar source claiming to contain
pictures of cute kittens. She ignores her awareness training and opens the email
attachment. Sadly, the document contained malware and attempts to infect her machine.
Angela has just been victim of a ______________ attack.
9.) If Angela has keeps her _____________ _______________ up to date, the infection could
be detected and possibly eliminated.
Jim is a user who often travels on behalf of the organization and carries a laptop that contains sensitive
data as well as his own personal files. For the sensitive data, the major threat that the organization
needs to mitigate is unauthorized disclosure of data from the loss or theft of the laptop.
10.) The organization can protect the data by implementing ______ ______ encryption on the
laptop and requiring pre-boot ______.
Suppose Jim’s organization alters their security policy to force all laptops to be dual-boot, one OS for
sensitive information and one for user data, and prohibits storing personal files on the organization OS.
11.) If under the new configuration encryption is only supported at the OS level, which of the
following would be best for storing sensitive data:
a. Install a file/folder encryption solution on the sensitive OS.
b. Hide sensitive data on the user OS where no one will think to look.
c. Wipe the sensitive OS regularly to reduce the amount of data which could be
compromised.
d. Use the OS access control features to strictly limit where the user can save files.
Virtualization
Virtualization is the simulation of the software and/or hardware upon which other software runs. This
simulated environment is called a virtual machine (VM). In full virtualization, one or more operating
systems (OSs) and the applications they contain are run on top of virtual hardware. Each instance of an
OS and its applications runs in a separate VM called a guest operating system.
12.) The guest OSs on a host are managed by the _________ which controls the flow of
instructions between the guest OSs and the physical hardware.
13.) Malicious attackers may attempt to break out of a guest OS to access underlying structures.
This places the all other guest OSs and the underlying host OS at risk and is known as a(n)
a. Sandbox attack
b. Leak
c. Side-channel attack
d. Escape
Bios
The system BIOS is the first piece of software executed on the main central processing unit (CPU) when a
computer is powered-on. While the system BIOS was originally responsible for providing operating systems
access to hardware, its primary role on modern machines is to initialize and test hardware components and
load the operating system. In addition, the BIOS loads and initializes important system management
functions.
14.) The primary function of the system BIOS is to initialize important hardware components and
to load the operating system. This process is known as Booting. What is the last step of the
boot process?
a. Select Boot Device
b. Load Operating System
c. Initialize and Test Low-Level Hardware
d. Execute Core Root of Trust
e. Load and Execute Additional Firmware Modules
15.) True or False: The BIOS is typically implicitly trusted
16.) True or False: BIOS level malware is simple to detect because anti-malware products can
easily scan the BIOS before boot.