Computer security Question:
Password Management questions
Answer:
* Who knows the passwords for systems that perform critical business functions?
* Do we regularly change passwords on critical systems?
* Do we require end users to change their passwords? How often?
* Do we educate end users about good password choices? (e.g. avoid family names and dates, use a password longer than 6 characters, don’t use words found in dictionaries, include numerals in the password).
* Do we discourage sharing of user names and passwords among multiple people?
* Do we provide tools to help people choose strong passwords? (Note: some system administrators use automated tools to scan the user database or password file for easily guessed passwords.)
* Do our systems “lock out” an account after a predetermined number of failed login attempts?
* How do we manage which people have privileged access to our systems? Do we periodically review which people have “root” or “superuser” or “administrative” privileges on systems? Do we have a procedure to remove privileges for employees who have left the university? Do we remove privileged access when an employee no longer needs it?
* Do we ensure that in case of emergency someone will have passwords for critical systems (for instance, if the primary system administrator is unavailable)?