Security Plus 701 Mega Challenge 1

Company purchases and issues device that can only be used for business purposes.

Employee brings any device that they own and can use it for business and personal use.

Employee chooses a device from a list of acceptable devices published by the company.

Company purchases and issues device that can be used for business and for personal use.

A Software that is installed on a mobile device that gives a company control over corporate data stored on the device.

A command a company can send to an employee device to remove corporate data.

A system that can be used to scan mobile devices for health conditions before it connects to a network.

A technology we can use to keep all data on a mobile device safe in the event that it is stolen or lost.

Installing unverified software onto a mobile device that would typically be restricted.

Removing the software restrictions from a mobile device.

Access Control rights are determined by an employees position or title.

Access Control rights are determined security labels and security levels.

Access Control rights are determined by a set of rules and mandates.

Access Control rights are determined by several varying factors and properties.

Access Control rights are at the discretion of a human.

A configuration that will check the geographic distance between two account logins.

Ensures users are using more than one way to authenticate, increasing security.

A setting that will lock an account after an action.

Ensures users have only the accesses needed to perform their job.

Manages domain admin accounts by limiting permissions, and prevents Pass-the-Hash Attack.

Best option for giving a contractor secure access to an internal system.

Best architecture to use for maximum redundancy for critical systems.

The benefits of this architecture include enhanced scalability and compartmentalization.

This automates infrastructure deployment using code, making server provisioning faster.

Term for a piece of equipment that is no longer receiving patch updates or support from the manufacturer.

Data that is being stored, or has been archived.

Removing data from drives in a repeatable manner. Helps prevent data recovery by hackers.

Data that is actively being transmitted between two points.

Data that is being processed by a program or application.

The process of verifying that all data has actually been removed from a device.

Keeps a data inventory of all data that our company collects.

The process of identifying what data falls into what categories.

Best way to protect data being transmitted over the internet.

Best way to protect credit card data in a testing environment using obfuscation.

Best way to protect credit card data that is being stored in a database from theft.

Authority that issues a digital certificate to a company.

The service/protocol that checks to see if a certificate is on the CRL.

To replace a SSL certificate, you would create a new one of these.

This is used to identify certificates that are no longer valid or have expired.

The master certificate that must be installed in order for the certificate process to work.

Legal contract between two parties that determines what they are not allowed to disclose.

A plan that helps a company maintain its continuity of operations in the event of an attack.

A document that outlines the specific financial & operational impacts of a situation occurring

A plan that helps a company restore vital systems.

Policy that states how an employee can use an IT asset at a company.

A type of exercise we use to test the readiness of a disaster recovery hot site.

A plan that outlines how an organization responds to an attack on the organization.

A discussion based exercise we use to revise and strengthen our IRP.

A statement the covers the timeline of a project, how much it will cost to perform, and what the work will include.

A non-legal document that covers a basic understanding of a business relationship.