Password and Access Control Policy Draft Quiz
9 Questions

Questions and Answers

What is the minimum required length for passwords according to the policy?

  • 8 characters (correct)
  • 12 characters
  • 10 characters
  • 6 characters

How many password history entries are maintained according to the policy?

  • 3 passwords
  • 5 passwords
  • 2 passwords
  • 4 passwords (correct)

What is the password lockout duration after 6 unsuccessful attempts?

  • 1 hour
  • 30 minutes (correct)
  • 24 hours
  • 15 minutes

Who should approve deviation from the policy?

  • Security Management Team and/or Legal Counsel (D)

Which standard does the document reference?

  • PCI DSS (A)

What is the principle behind user authentication according to the policy?

  • Principle of least privilege (C)

What types of characters should passwords include according to the policy?

  • Upper and lower case letters, numbers, and special characters (C)

What type of authentication should be used for remote access to the cardholder network?

  • Two-factor authentication (A)

Who should monitor and change vendors' remote access accounts regularly?

  • Information Security Manager (C)

Study Notes

Password and Access Control Policy Document

  • The document is a draft version 0.1 of the Password and Access Control Policy.
  • It outlines roles and responsibilities for HR, Information Security Manager, and Systems Administrators.
  • The policy applies to all systems and assets owned, managed, or operated by the company.
  • User authentication is based on business needs and the principle of least privilege.
  • Different authentication mechanisms are specified for various access points like operating systems, web applications, email, and voice.
  • Passwords must be at least 8 characters long and include upper and lower case letters, numbers, and special characters.
  • Password history is maintained for at least 4 passwords, and password lockout is set to 6 attempts with a duration of 30 minutes.
  • Remote access to the cardholder network should utilize two-factor authentication.
  • Vendors' remote access accounts should be monitored and changed regularly.
  • Violations of the policy may result in disciplinary action, including termination of employment.
  • Deviation from the policy is allowed only with a valid business case reviewed and approved by the Security Management Team and/or Legal Counsel.
  • The document references the Payment Card Industry Data Security Standard (PCI DSS).

Description

Test your knowledge on the draft version 0.1 of the Password and Access Control Policy, covering roles, responsibilities, and authentication requirements for systems and assets within a company. Explore topics like password complexity, history maintenance, remote access security, and consequences of policy violations.