2.9 ~ Documentation
Which of the following documents might a new employee need to sign during the on boarding process? (Select two.) a. Acceptable use policy (AUP) b. Regulatory and compliance policy c. Backup policy d. User education and awareness policy e. Bring your own device (BYOD) policy
a. Acceptable use policy (AUP) e. Bring your own device (BYOD) policy
Which of the following are procedures that should be included when off boarding (ending a relationship with) an employee?) (Select two.) a. Collect physical access items from the employee b. Disable electronic access for employees c. Review the acceptable use policy (AUP) with the employee d. Have the employee sign a non-disclosure agreement e. Make sure the employee has access to the company's knowledge base
a. Collect physical access items from the employee b. Disable electronic access for employees
You plan on including Employee Education and Awareness Policy training for all new employees. As part of that training, which of the following should you instruct your employees NOT to do as part of company procedures? (Select three.) a. Respond to social engineering attacks b. Access restricted areas in the company building c. Bring your own device to work d. Click on links in a phishing email e. Install software on their company laptops f. Connect unauthorized devices g. Become familiar with the company security policy
a. Respond to social engineering attacks d. Click on links in a phishing email f. Connect unauthorized devices
Jared, an employee in Human Resources, left the company two months ago as part of a company downsizing initiative. A new Human Resources VP is now running the department and has re-hired Jared to work as a manager in Human Resources. As a new IT system administrator for the company, you have been assigned to re-establish all of Jared's accounts, including network accounts, email, software, and VPN access. However, you discover that no accounts exist for Jared. What should have been done during Jared's off boarding process to make sure his accounts were still available for a period of time? a. The accounts should have been disabled instead of deleted b. The account passwords should have been changed c. The accounts should have been left in place for a required period of time d. The accounts should have been deleted, but not removed from the trash
a. The accounts should have been disabled instead of deleted
You are responsible for updating your company's onboard training for all new employees. Which of the following items are important to include in that training? (Select three.) a. The process for reporting suspicious behavior b. The help desk's contact information c. The security policy d. The network diagram e. The data backup policy f. The user education and awareness policy g. The procedure for closing user accounts
a. The process for reporting suspicious behavior b. The help desk's contact information c. The security policy
You are an information security specialist in charge of developing and implementing security measures for your company. You are currently working with the company's IT system administrator to make sure that all policies and procedures meet city, state, and industry regulations. You have noted that employees often allow coworkers into restricted areas who may not have authorized access. In addition, employees often work from home using company laptops that are often unsecure and frequently contain sensitive company data on the local hard drive. SOLUTION: You update the Acceptable Use Policy (AUP) to clearly state that only authorized employees can access restricted areas with a proper key fob (no tailgating), along with any penalties for non-compliance. To address the laptop security issue, you work with the IT system administrator to update the network diagram and inform employees of the changes to help secure their laptops. Does this solution provide a reasonable approach for addressing the security area and work-from-home issues? a. Yes b. No
b. No
Your organization has expanded into an adjacent office. You have been tasked with laying cables to connect the new space with the existing space. Which document should you look at to ensure that there will be no interference or damage to the cables from existing infrastructure? a. Network topology diagram b. Knowledge base c. Floor plan d. Physical security diagram
c. Floor plan
Which of the following are included in a network topology diagram? (Select two.) a. A layout of server racks, cooling, and air circulation systems b. A layout of all plumbing and HVAC components c. The relationship between remote locations and the WAN links that connect them d. A layout of all electrical wiring and components e. The location and IP addresses of hubs, switches, routers, and firewalls
c. The relationship between remote locations and the WAN links that connect them e. The location and IP addresses of hubs, switches, routers, and firewalls
Which of the following BEST describes a Security Policy? a. A document that outlines how long a password should be and which characters can be used in the password b. A document that outlines who has access to company resources c. A document that defines how often backups should run and where they should be saved d. A document or collection of documents that provide information about an organization's network security
d. A document or collection of documents that provide information about an organization's network security
Which document outlines how to communicate standards, procedures, and baselines that help an employee perform their job safely and effectively? a. Security policy b. Acceptable use policy (AUP) c.Bring your own device (BYOD) policy d. User education and awareness policy
d. User education and awareness policy
