Module 6 challenge: Creating a Company Culture for Security | IT Security: Defense against the digital dark arts (Google IT Support Professional Certificate) Answers, 2025
Question 1
When handling credit card payments, the organization needs to adhere to the _____.
✅ PCI DSS
❌ ISO
❌ HIPAA
❌ IEEE
Explanation:
PCI DSS (Payment Card Industry Data Security Standard) defines strict requirements for securing credit card data — including encryption, network segmentation, and secure storage practices.
Question 2
What tools can be used to discover vulnerabilities or dangerous misconfigurations in systems and networks?
✅ Vulnerability scanners
❌ Bastion hosts
❌ Firewalls
❌ Antimalware software
Explanation:
Vulnerability scanners (like Nessus or OpenVAS) automatically identify system weaknesses and insecure configurations, helping teams patch before attackers exploit them.
Question 3
What is penetration testing?
✅ Attempting to break into a system or network for the purpose of verifying the systems in place.
❌ Giving access to a bad actor
❌ Assessing computers for weaknesses (that’s vulnerability scanning)
❌ Phishing emails
Explanation:
Penetration testing (ethical hacking) simulates real attacks to verify how well security controls defend against threats — a proactive step beyond vulnerability scanning.
Question 4
What are some ways to enforce privacy policies?
✅ Apply the principle of least privilege
✅ Audit access logs
❌ VPN connection
❌ Print customer information
Explanation:
- Least privilege: Give users only the access needed for their role.
- Audit logs: Review who accessed what and when, so unauthorized activity can be detected.
Question 5
Which of the following is recommended to secure authentication?
✅ 2-factor authentication
❌ Strong encryption (used for data, not login verification)
❌ Vulnerability scanning
❌ Password rotation
Explanation:
Two-factor authentication (2FA) adds a layer of security by requiring a second verification method (e.g., code, fingerprint) — greatly reducing account compromise risk.
Question 6
When thinking about credential theft, what is one of the greatest workplace cybersecurity risks?
✅ Phishing emails
❌ Keylogging
❌ Credential stealing texts
❌ Blackmail
Explanation:
Phishing is the #1 cause of credential theft: users are tricked into revealing passwords directly or into clicking malicious links that lead to pages designed to capture their credentials.
Question 7
What is a quick way of evaluating a third party’s security?
✅ A security assessment questionnaire
❌ Manual review
❌ Penetration testing
❌ Signed contract
Explanation:
Security questionnaires help evaluate third-party vendors’ security practices efficiently — covering controls like encryption, access management, and compliance.
Question 8
Google provides free _____, which is a good starting point when assessing third-party vendors.
✅ vendor security assessment questionnaires
❌ Business apps
❌ Cloud storage
❌ Mobile phone services
Explanation:
Google provides free Vendor Security Assessment Questionnaires (VSAQ) to help organizations evaluate vendor cybersecurity posture.
Question 9
What are some behaviors to encourage to build a security-conscious culture?
✅ Asking security-related questions
✅ Checking website URLs when authenticating
✅ Locking your screen
❌ Shaming people
Explanation:
Security culture grows through positive reinforcement and awareness — encouraging vigilance, responsible device use, and teamwork.
Question 10
Once the scope of the incident is determined, the next step would be _____.
✅ containment
❌ remediation
❌ documentation
❌ escalation
Explanation:
After identifying the scope of an incident, the next immediate action is containment — isolating affected systems to prevent further spread or damage before remediation.
🧾 Summary Table
| Q# | ✅ Correct Answer | Concept |
|---|---|---|
| 1 | PCI DSS | Credit card data security |
| 2 | Vulnerability scanners | Detect system weaknesses |
| 3 | Penetration testing | Ethical hacking simulation |
| 4 | Least privilege, Audit logs | Enforcing privacy |
| 5 | 2FA | Strengthen authentication |
| 6 | Phishing emails | Common credential theft method |
| 7 | Security assessment questionnaire | Vendor evaluation |
| 8 | Vendor security assessment questionnaires | Google tool |
| 9 | Ask questions, check URLs, lock screen | Building security culture |
| 10 | Containment | Next step after scoping incident |