9-20
If a user at an enterprise forgets his/her own password, which of the following is an appropriate way in which a security administrator should inform the user of his/her passwords
after confirming his/her identity?
a) A security administrator retrieves the password which is stored on his/her own computer, and then sends it to the user in the form of an internal document classified as
confidential.
b) A security administrator informs the user of an initial value after initializing the user’
s password, and then the user changes it to a new password.
c) A security administrator makes a copy of the password, which is stored in an encrypted form, in the common area, and then informs the user of the decryption key by telephone.
d) A security administrator decodes the password which is managed in an encrypted
form, and then informs the user of that password by e-mail.
9-21
Which of the following is the appropriate description of measures against computer viruses?
a)
b)
c)
d)
307
Virus checking is unnecessary while the PC is operating normally.
The virus definition file in antivirus software is updated to the latest one.
Virus checking is unnecessary if the digital signature is attached to the program.
Virus checking is unnecessary for the software that one of your friends gave you.