Chapter 29: Securing Computers

Mary’s company routinely labels data according to its sensitivity or potential danger to the company if someone outside accesses the data. This is an example of _____.
data classification
Once you’ve gathered data about a particular system or you’ve dealt with a computer or network problem, you need to complete the mission by telling your supervisor. This is called _______.
incidence reporting
_____ is the act of trying to get people to give their usernames, passwords, or other security information by pretending to be someone else electronically.
phishing
Enable ______ to create Event Viewer entries when a specific file is accessed.
object access auditing
Although not all _______ is malicious, it can lead to data destruction.
unauthorized access
Most attacks on computer data are accomplished through ________.
social engineering
Going through someone’s trash to uncover personal information is known as _____.
dumpster diving
Many companies authenticate access to secure rooms using an ownership factor such as a(n) ______.
smart card
A ______ is an authentication device that uses your physical body in some way, such as a retinal or fingerprint scanner.
biometric device
Following someone into a restricted area is known as _______.
tailgating
What is the process of using or manipulating people to gain access to network resources?
Social engineering
Which of the following might offer good hardware authentication?
Smart card
Which of the following tools would enable you to stop a user from logging on to a local machine but still enable him to log on to the domain?
Local Security Policy
John dressed up in a fake security guard uniform that matched the uniforms of a company and then walked in with some legitimate employees in an attempt to gain access to company resources. What kind of attack is this?
Tailgating
The first day on the job, Jill received a spreadsheet that listed approved software for users and clear instructions not to allow any unapproved software. What kind of policy must she follow?
Compliance
Which of the following would be considered an environmental threat? (Choose three.)
Temperature / Humidity / Power
A user account is a member of several groups, and the groups have conflicting rights and permissions to several network resources. The culminating permissions that ultimately affect the user’s access are referred to as what?
Effective permissions
What type of authentication uses at least two different methods to determine the user’s identity?
Multi factor authentication
What system enables users to categorize documents by importance and privacy?
Data classification
Which threats are categorized as social engineering? (Select all that apply.)
Telephone scams
Dumpster diving
What do you call the documented list of everyone who has had access to a computer?
User access list
A user calls and complains that the technician who fixed his computer removed some software he used to listen to music on the Internet. A check of approved software does not include the LimeWire application, so what should the supervisor do?
Applaud the technician for proper compliance.
Your boss is considering getting an Internet connection for the office so employees have access to e-mail, but she is concerned about hackers getting into the company server. What can you tell your boss about safeguards you will implement to keep the server safe?
Students should discuss the use of a firewall to protect against attacks from the Internet. They should also discuss antivirus software and the importance of keeping virus definitions up to date. Some students may discuss the use of Group Policy to limit Internet usage and prevent installation of spyware.