11.2 Your school is thinking about requiring the use of a biometric, in addition to a password, to access resources such as email and the learning management system. The administration has asked for student input. Which biometric, if any, would you be willing to have your school use? Why? 114 Which preventive, detective, and/or corrective controls would best mitigate the following threats? a. An employce's laptop was stolen at the airport. The laptop contained personally identifying information about the company's customers that could potentially be used to commit identity theft. . A salesperson successfully logged into the payrol system by guessing the payroll c. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters d. An employee received an email purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the email to view the new policy, she infected her laptop with a keystroke logger. c. A company's programming staff wrote custom code for the shopping cart feature on its website. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-te address. A company purchased the leading off-the-sher e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code. Attackers broke into the company's informatie system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security. h. An employee picked up a USB drive in the parking lot and plugged it into their laptop to see what was on it," which resulted in a keystroke logger being installed on that laptop. i. Once an attack on the company's website was discovered, it took more than 30 minutes to determine wheto contact to initiate response actions. 1 of 3 Bernadette R... e 11.2 Your school is thinking about requiring the use of a biometric, in addition to a password, to access resources such as email and the learning management system. The administration has asked for student input. Which biometric, if any, would you be willing to have your school use? Why? 114 Which preventive, detective, and/or corrective controls would best mitigate the following threats? a. An employce's laptop was stolen at the airport. The laptop contained personally identifying information about the company's customers that could potentially be used to commit identity theft. . A salesperson successfully logged into the payrol system by guessing the payroll c. A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters d. An employee received an email purporting to be from her boss informing her of an important new attendance policy. When she clicked on a link embedded in the email to view the new policy, she infected her laptop with a keystroke logger. c. A company's programming staff wrote custom code for the shopping cart feature on its website. The code contained a buffer overflow vulnerability that could be exploited when the customer typed in the ship-te address. A company purchased the leading off-the-sher e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the back-end database by entering appropriate SQL code. Attackers broke into the company's informatie system through a wireless access point located in one of its retail stores. The wireless access point had been purchased and installed by the store manager without informing central IT or security. h. An employee picked up a USB drive in the parking lot and plugged it into their laptop to see what was on it," which resulted in a keystroke logger being installed on that laptop. i. Once an attack on the company's website was discovered, it took more than 30 minutes to determine wheto contact to initiate response actions. 1 of 3 Bernadette R... e
