Q 1. During the review, you audit the client's data destruction policy. You ask the client whether the company they use to destroy their secure media is regulated or not. What is the Industry Standards Body that oversees the Information Destruction Industry?
During the audit, a user approaches you and mentions that they have received a suspicious email and clicked on the link, therefore, infecting their whole machine. What steps would you recommend to protect the client against Phishing attacks?
Note: There can be multiple correct answers to this question.
Q 3. When reviewing the Acceptable Use Policy for a client, you notice that there is no classification on the document. What should the document be classified as?