Chapter 107 · Quiz

Security Procedures — Quiz

Ten questions covering change control board workflow, backout plans, onboarding with least privilege, offboarding account disable vs. delete, security playbooks, SOAR capabilities, and governance structures.

1. An IT administrator proposes a change to the production database schema to improve performance. The Change Control Board reviews the proposal and notes that no rollback procedure is documented for the change. What should the CCB do, and why is a backout plan required?
2. A new marketing analyst joins the company. During onboarding, IT creates an account with read/write access to all company marketing files, read access to the finance department's files (in case collaboration is needed), and local administrator rights on the workstation. What security principle was violated, and what should the access have been?
3. A systems administrator is terminated for cause. The HR team requests that IT immediately delete the former administrator's Active Directory account. The security team objects and says the account should only be disabled. What is the security reason for disabling rather than deleting the account?
4. A security analyst receives a SIEM alert for ransomware activity on an endpoint. Within 30 seconds, the endpoint is isolated from the network, a ticket is created, the on-call analyst is notified via SMS, and threat intelligence is queried for the malware hash — all without any human action. What technology enabled this automated response?
5. A security playbook for phishing response states: "Step 3: If the email reached more than 50 mailboxes, escalate to the IR lead and engage the communications team. If fewer than 50 mailboxes, proceed to Step 4." What feature of security playbooks does this demonstrate?
6. A global organization with 15 business units in 12 countries decides that each business unit's local IT team will manage its own security with independent decision-making authority, while the central CISO sets minimum baseline standards that all units must meet. What governance model is this?
Matching: Security Procedure Concepts

Match each concept (1–4) to its correct description (A–D).

1Change Control Board (CCB)
2SOAR
3Offboarding account disable
4Onboarding hardware provisioning
ANew employees should receive pre-configured devices with security tools installed rather than blank hardware, ensuring consistent security baseline from day one
BThe formal governance body that reviews and approves or rejects proposed system changes after evaluating scope, risk, impact, and rollback plans
CAccounts are set to inactive rather than removed on an employee's last day, preserving encrypted data, certificates, and digital signatures associated with the account
DA platform that connects security tools and executes playbook steps automatically in response to trigger conditions, reducing response time from minutes to seconds