{"name":"Question 1", "url":"https://www.quiz-maker.com/QPREVIEW","txt":"The CISO of Study Notes and Theory has issued a security policy for the Director and managers of the IT Department. Going forward, regularly maintained security logs must be available for third-party auditors. The company is going to begin the process of ISO 27001 certification, and security logs are a necessity in order to adhere to the ISO guidelines. The logs should include the IP addresses of the network devices, along with all the traffic that traverses them on a daily basis. Usernames, passwords, IP addresses, and encrypted secret keys must also be included in the security logs. The setup, security, and the transfer of network audit logs are also to be handled by different functional members of the company. The CISO wants an environment where logs are handled by different privileged levels of employees all the way up to the third-party auditors. A server administrator will set up a Linux server to save the logs. A network engineer will create SNMP and Syslog traffic to be routed to the log server from various network devices. The network department manager will need to approve the work before it is completed. The security engineer will make sure the SNMP and Syslog traffic are properly encrypted while the data is in motion to the log server. The security department manager will need to make sure the engineer is implementing proper encryption methods and strength. Finally, the IT Director will be responsible for properly transferring the logs from the server to the external auditors. The CISO will approve the IT Director’s work. What is the FIRST step to take before implementing the CISO’s new policy?, The Study Notes and Theory corporate office is going through a lot of security hardening procedures, both physical and logical. The front of the office will have bollards installed as a guiding pathway to the main entrance. 
The front gate will also require better illumination, for which 2 candle feet of power at a height of 8 feet will be installed. The main office area will also be expanding with the addition of new employees which will require more Ethernet ports, desks, plenum space, and electrical outlets. Contractors will be hired to perform the construction of the new office space, and the installation of bollards and illumination fixtures. The contractors will each be given unique credentials to connect to the guest wireless network. Users on the guest wireless network are segregated from the LAN, and are only allowed access to the Internet. The security administrator will create the accounts for the contractors, but their permissions will be set by the project manager. Stacy, the current receptionist, has been tasked to expand her role and take the lead in making sure contractors are given their proper wireless credentials, are given a tour of the building, and relaying any messages they might have back to the project manager. Which one of the following principles is NOT being practiced?","img":"https://www.quiz-maker.com/3012/images/ogquiz.png"}