Protect IT
Can You (Still) Pass The CISA Exam?
Information Security at Schellman
Can You Beat The Jeopardy G.O.A.T.S?
How Boomer Are You?
100

The biggest security liability in an organization

A) Employees

B) Insecure configuration of systems

C) Faulty software

D) Public perception/popularity

A) Employees

100

Which of the following file transfer protocols is an extension of SSH?

A. FTP

B. TFTP

C. SFTP

D. FTPS

C. SFTP

100

How Schellman protects data in transit

A. TLS 1.1

B. TLS 1.2

C. AES-128

D. AES-256

B. TLS 1.2

100

This type of hacker referred to by a colorful bit of headwear helpfully tests computer systems for vulnerability

White Hat

100

Another way of saying that someone or something is too much or over the top

Extra

200

Phishing Attack Targeting Executives

A) Spear Phishing

B) Phishing

C) Whaling

D) Vishing

C) Whaling

200

The risk handling technique that involves the practice of being proactive so that the risk in question is not realized

A. Risk Mitigation

B. Risk Acceptance

C. Risk Avoidance

D. Risk transfer

C. Risk Avoidance

200

Schellman's Chief Information Security Officer (CISO) responsible for security awareness and policy review

A. Matt Wilgus

B. Kristen Wilbur

C. Ryan Buckner

D. Jacob Ansari

D. Jacob Ansari

200

A website with a site certificate is one that uses encryption; this letter after HTTP is one sign of it

S

200

Stand-alone expression of excitement

YEET

300

The following access control technology provides a rolling password for one-time use

A. RSA token

B. ACL

C. Multifactor authentication

D. PIV card

A. RSA token

300

The following penetration testing type is performed by security professionals with limited inside knowledge of the network

A. External vulnerability scan

B. Gray box

C. White box

D. Black box

B. Gray box

300

Schellman classifies client data as the following:

A. Public

B. Internal

C. Confidential

D. Restricted

D. Restricted

300

A ransomware attack that encrypted 3,800 city of Atlanta computers demanded 6 of these digital items to unfreeze them

Bitcoin

300

Equivalent to our “for real” or “no lie”

No Cap

400

A passive attempt to identify weaknesses

A. Penetration Testing

B. IDS / IPS

C. File Integrity Monitoring

D. Vulnerability Scans

D. Vulnerability Scans

400

The following cloud computing concept best describes providing an easy-to-configure OS and on-demand computing

A. Software-as-a-service

B. Database-as-a-service

C. Platform-as-a-service

D. Managed Service Provider

C. Platform-as-a-service

400

Schellman's mobile device management (MDM) policies require all of the following except...

A. Lock screen passcode

B. Minimum OS version be within the most recent 2 versions

C. Device encryption enabled

D. Screen lockout time enabled to 5 minutes

B. Minimum OS version be within the most recent 2 versions

400

Companies consider cybersecurity when instructing employees with a policy on BYOD, short for this

Bring Your Own Device

400

The latest gossip or story

Tea

500

An increasingly popular type of cyber attack (just ask SolarWinds and Kaseya)

A. SQL Injection

B. Supply-chain attack

C. DDOS

D. Cryptojacking

B. Supply-chain attack

500

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

A. Review a sample of PCRs for proper approval throughout the program change process.

B. Trace a sample of program changes from the log to completed PCR forms.

C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.

D. Trace a sample of complete PCR forms to the log of all program changes.

C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.

500

The following is NOT a Schellman best practice:

A. Utilizing email when possible to communicate follow-up and client information

B. Share only the application screen when presenting in Teams or Zoom

C. Redacting overly-sensitive client evidence with PII

D. Utilizing a password manager

A. Utilizing email when possible to communicate follow-up and client information

(Use AuditSource when possible!)

500

Beware of these types of programs that track every stroke you make while typing in an effort to glean your password

Keylogging Programs

500

Out of style

Cheugy
