INFX Chapter 12.3: Security Policies
Which policies are the formal rules and guidelines that a business puts in place to hire, train, assess, and reward the members of its company?
Human Resource Policies
What is the most common security policy failure?
Lack of user awareness
A code of ethics accomplishes all but which of the following?
Clearly defines courses of action to take when a complex issue is encountered.
What is the primary goal of business continuity planning?
Maintaining business operations with reduced or restricted infrastructure capabilities or resources
Which policy outlines how the organization will secure private information for employees, clients, and customers?
Privacy Policy
Which policy covers privileged user accounts, that is, any account that gives full access to the system?
Privileged User Account Policy
Which policy covers the accounts that give users the ability to access and modify critical system settings, view restricted data, and so on?
Privileged User Account Policy
When analyzing assets, which analysis method assigns financial values to assets?
Quantitative
Which policy is a document that outlines and defines the remote connection methods that are accepted by a company?
Remote Access Policy
Your company has developed and implemented countermeasures for the greatest risks to their assets. However, there is still some risk left. What is the remaining risk called?
Residual risk
Which policy defines the overall security outlook for an organization?
Security Policy
Which business document is a contract that defines the tasks, time frame, and deliverables that a vendor must perform for a client?
Statement of work
Arrange the steps in the change and configuration management process on the left into correct completion order on the right.
1. Identify 2. Conduct . 3. Define 4. Notify 5. Implement 6. Test 7. Document
Which of the following is an example of an internal threat?
A user accidentally deletes the new product designs.
Which policy identifies whether employees have rights to use company property, such as internet access and computer equipment, for personal use?
Acceptable Use Policy (AUP)
Which of the following defines an acceptable use agreement?
An agreement that identifies the employee's rights to use company property, such as internet access and computer equipment, for personal use.
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before implementing that device?
Change management
Which policy documents access control to company resources and information and specifies who is allowed to access an organization's various systems?
Authorized Access Policy
You are concerned about the amount of traffic that passed through a router on your network. You want to see how the amount of traffic has changed over time. Which document would help you identify past average network traffic?
Baseline
In business continuity planning, what is the primary focus of the scope?
Business processes
Which policy provides a structured approach to securing company assets and making process changes?
Change and Configuration Management Policy
You are troubleshooting a workstation connection to the network. During your troubleshooting, you replace the drop cable connecting the computer to the network. Which type of document should you update?
Change documentation
Which of the following network strategies connects multiple servers together so that if one server fails, the others immediately take over its tasks, preventing a disruption in service?
Clustering
What is a set of rules or standards that help you to act ethically in various situations?
Code of Ethics
You want to make sure that the correct ports on a firewall are open or closed. Which document should you check?
Configuration documentation
When recovery is being performed due to a disaster, which services are to be stabilized first?
Mission critical
When troubleshooting a router, you want to identify which other devices are connected to the router, as well as the subnet addresses of each connected subnet. Which type of document would most likely have this information?
Network diagram
What is the term for ensuring that, when the relationship with the third party ends, all of the doors that were opened between organizations during the onboarding phase are closed?
Off-boarding
What is the term for the steps taken, when one organization needs to work directly with another in either a vendor or partner relationship, to ensure that the integration process maintains the security of each party's network?
Onboarding
Which policy details the requirements for passwords?
Password Policy
A new law was recently passed that states that all businesses must keep a history of the emails sent between members of the board of directors. You need to ensure that your organization complies with this law. Which document type would you update first in response to this new law?
Policy
Which policy outlines how personally identifiable information (PII) can be used and how it is protected from disclosure?
Privacy Policy
Purchasing insurance is what type of response to risk?
Transference
Which policy identifies actions that must take place when an employee's status changes?
User Management Policy
Which policy applies when the administrator of a network for an organization needs to be aware of new employees, employee advancements and transfers, and terminated employees to ensure the security of the system?
User Management Policy
You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the computer's user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
User awareness training
Which of the following terms describes a test lab environment that does not require the use of physical hardware?
Virtual sandbox
When is choosing to do nothing about an identified risk acceptable?
When the cost of protecting the asset is greater than the potential loss
Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet?
Wiring schematic
