The biggest security liability in an organization
A) Employees
B) Insecure configuration of systems
C) Faulty software
D) Public perception/popularity
A) Employees
Which of the following file transfer protocols is an extension of SSH?
A. FTP
B. TFTP
C. SFTP
D. FTPS
C. SFTP
How Schellman protects data in transit
A. TLS 1.1
B. TLS 1.2
C. AES-128
D. AES-256
B. TLS 1.2
This type of hacker, referred to by a colorful bit of headwear, helpfully tests computer systems for vulnerabilities
White Hat
Another way of saying that someone or something is too much or over the top
Extra
Phishing Attack Targeting Executives
A) Spear Phishing
B) Phishing
C) Whaling
D) Vishing
C) Whaling
The risk handling technique that involves the practice of being proactive so that the risk in question is not realized
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk Transfer
C. Risk Avoidance
Schellman's Chief Information Security Officer (CISO) responsible for security awareness and policy review
A. Matt Wilgus
B. Kristen Wilbur
C. Ryan Buckner
D. Jacob Ansari
D. Jacob Ansari
A website with a site certificate is one that uses encryption; this letter after HTTP is one sign of it
S
Stand-alone expression of excitement
YEET
The following access control technology provides a rolling password for one-time use
A. RSA token
B. ACL
C. Multifactor authentication
D. PIV card
A. RSA token
The following penetration testing type is performed by security professionals with limited inside knowledge of the network
A. External vulnerability scan
B. Gray box
C. White box
D. Black box
B. Gray box
Schellman classifies client data as the following:
A. Public
B. Internal
C. Confidential
D. Restricted
D. Restricted
A ransomware attack that encrypted 3,800 city of Atlanta computers demanded 6 of these digital items to unfreeze them
Bitcoin
Equivalent to our “for real” or “no lie”
No Cap
A passive attempt to identify weaknesses
A. Penetration Testing
B. IDS / IPS
C. File Integrity Monitoring
D. Vulnerability Scans
D. Vulnerability Scans
The following cloud computing concept best describes providing an easy-to-configure OS and on-demand computing
A. Software-as-a-service
B. Database-as-a-service
C. Platform-as-a-service
D. Managed Service Provider
C. Platform-as-a-service
Schellman's mobile device management (MDM) policies require all of the following except...
A. Lock screen passcode
B. Minimum OS version be within the most recent 2 versions
C. Device encryption enabled
D. Screen lockout time enabled to 5 minutes
B. Minimum OS version be within the most recent 2 versions
Companies consider cybersecurity when instructing employees with a policy on BYOD, short for this
Bring Your Own Device
The latest gossip or story
Tea
An increasingly popular type of cyber attack (just ask SolarWinds and Kaseya)
A. SQL Injection
B. Supply-chain attack
C. DDoS
D. Cryptojacking
B. Supply-chain attack
A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?
A. Review a sample of PCRs for proper approval throughout the program change process.
B. Trace a sample of program changes from the log to completed PCR forms.
C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
D. Trace a sample of complete PCR forms to the log of all program changes.
C. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
The following is NOT a Schellman best practice:
A. Utilizing email when possible to communicate follow-up and client information
B. Share only the application screen when presenting in Teams or Zoom
C. Redacting overly-sensitive client evidence with PII
D. Utilizing a password manager
A. Utilizing email when possible to communicate follow-up and client information
(Use AuditSource when possible!)
Beware of these types of programs that track every stroke you make while typing in an effort to glean your password
Keylogging Programs
Out of style
Cheugy