Question

An organization uses SSO authentication for employee access to network resources. When an employee

resigns, as per the organization’s security policy, the employee’s access to all network resources is terminated immediately. Two weeks later, the former employee sends an email to the help desk for a password reset to access payroll information from the human resources server. Which of the following represents the BEST course of action?

1. Approve the former employee’s request, as a password reset would give the former employee access to only the human resources server.
2. Deny the former employee’s request, since the password reset request came from an external email address.
3. Deny the former employee’s request, as a password reset would give the employee access to all network resources.
4. Approve the former employee’s request, as there would not be a security issue with the former employee gaining access to network resources.

_________________________________________________________________________________________________________________________________

Phishing emails frequently take advantage of high-profile catastrophes reported in the news. Which of the following principles BEST describes the weakness being exploited?

1. Intimidation
2. Scarcity
3. Authority
4. Social proof

_____________________________________________________________________________________________________________________________________

An organization is working with a cloud services provider to transition critical business applications to a hybrid cloud environment. The organization retains sensitive customer data and wants to ensure the provider has sufficient administrative and logical controls in place to protect its data.

In which of the following documents would this concern MOST likely be addressed?

1. Service level agreement
2. Interconnection security agreement
3. Non-disclosure agreement
4. Business process analysis

Answer 1

1. option C

Since the authentication is SSO (Single Sign-On), a change in the password once to the former employee will give him access to the rest of the network, which is a security and data hazard.

2. option A

Phishing emails generally target their user with a sense of urgency and try to show that some threat or harm is on the way. This intimidates the user to click on the malicious links which infects the system with the malware.

3. option B

ISA is a document that handles and regulates security-relevant aspects of an intended connection between an agency and an external system. It manages the security interface between any two systems operating under two different authorities handling the task. It includes a variety of descriptive, technical, procedural, and planning information. It is usually performed in a succession of a formal MOA/MOU that defines high- level roles and responsibilities in the management of a cross-domain connection.