After a recent security breach, the network administrator has been tasked to update and backup all router and switch configurations. The security administrator has been tasked to enforce stricter security policies. All users were forced to undergo additional user awareness training. All of these actions are due to which of the following types of risk mitigation strategies?
A. Change management B. Implementing policies to prevent data loss C. User rights and permissions review D. Lessons learned
Answer: D
Explanation: Incident response procedures involves: Preparation; Incident identification; Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Described in the question is a situation where a security breach had occurred and its response which shows that lessons have been learned and used to put in place measures that will prevent any future security breaches of the same kind.
End-user awareness training for handling sensitive personally identifiable information would include secure storage and transmission of customer:
A. Date of birth. B. First and last name. C. Phone number. D. Employer name.
Answer: A
Explanation: Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit card number, or patient record. Date of birth is personally identifiable information.
There has been an increased amount of successful social engineering attacks at a corporate office. Which of the following will reduce this attack in the near future?
A. Helpdesk training B. Appropriate use policy C. User awareness training D. Personal Identifiable Information