A+ 2.9.5 Documentation (Practice Questions)
Which of the following BEST describes a Security Policy? [ ] A document that outlines who has access to company resources. [ ] A document or collection of documents that provide information about an organization's network security. [ ] A document that defines how often backups should run and where they should be saved. [ ] A document that outlines how long a password should be and which characters can be used in the password.
A document or collection of documents that provide information about an organization's network security.
Your organization has expanded into an adjacent office. You have been tasked with laying cables to connect the new space with the existing space. Which document should you look at to ensure that there will be no interference or damage to the cables from existing infrastructure? [ ] Floor plan [ ] Network topology diagram [ ] Physical security diagram [ ] Knowledge base
Floor plan
You are an information security specialist in charge of developing and implementing security measures for your company. You are currently working with the company's IT system administrator to make sure that all policies and procedures meet city, state, and industry regulations. You have noted that employees often allow coworkers into restricted areas who may not have authorized access. In addition, employees often work from home using company laptops that are often unsecure and frequently contain sensitive company data on the local hard drive. SOLUTION: You update the Acceptable Use Policy (AUP) to clearly state that only authorized employees can access restricted areas with a proper key fob (no tailgating), along with any penalties for non-compliance. To address the laptop security issue, you work with the IT system administrator to update the network diagram and inform employees of the changes to help secure their laptops. Does this solution provide a reasonable approach for addressing the security area and work-from-home issues? (Yes/No)
No
Jared, an employee in Human Resources, left the company two months ago as part of a company downsizing initiative. A new Human Resources VP is now running the department and has re-hired Jared to work as a manager in Human Resources. As a new IT system administrator for the company, you have been assigned to re-establish all of Jared's accounts, including network accounts, email, software, and VPN access. However, you discover that no accounts exist for Jared. What should have been done during Jared's offboarding process to make sure his accounts were still available for a period of time? [ ] The accounts should have been disabled instead of deleted. [ ] The account passwords should have been changed. [ ] The accounts should have been deleted, but not removed from the trash. [ ] The accounts should have been left in place for a required period of time.
The accounts should have been disabled instead of deleted.
Which document outlines how to communicate standards, procedures, and baselines that help an employee perform their job safely and effectively? [ ] Acceptable Use Policy (AUP) [ ] User Education and Awareness Policy [ ] Bring Your Own Device (BYOD) Policy [ ] Security Policy
User Education and Awareness Policy
Which of the following documents might a new employee need to sign during the onboarding process? (Select two.) [ ] Regulatory and Compliance Policy [ ] Backup Policy [ ] User Education and Awareness Policy [ ] Bring Your Own Device (BYOD) Policy [ ] Acceptable Use Policy (AUP)
[x] Bring Your Own Device (BYOD) Policy [x] Acceptable Use Policy (AUP)
You plan on including Employee Education and Awareness Policy training for all new employees. As part of that training, which of the following should you instruct your employees NOT to do as part of company procedures? (Select three.) [ ] Become familiar with the company Security Policy. [ ] Click on links in a phishing email. [ ] Install software on their company laptops. [ ] Bring your own devices to work. [ ] Connect unauthorized devices. [ ] Respond to social engineering attacks. [ ] Access restricted areas in the company building.
[x] Click on links in a phishing email. [x] Connect unauthorized devices. [x] Respond to social engineering attacks.
Which of the following are procedures that should be included when offboarding (ending a relationship with) an employee? (Select two.) [ ] Make sure the employee has access to the company's knowledge base. [ ] Review the Acceptable Use Policy (AUP) with the employee. [ ] Collect physical access items from the employee. [ ] Have the employee sign a Non-Disclosure Agreement. [ ] Disable electronic access for the employee.
[x] Collect physical access items from the employee. [x] Disable electronic access for the employee.
You are responsible for updating your company's onboard training for all new employees. Which of the following items are important to include in that training? (Select three.) [ ] The help desk's contact information [ ] The Security Policy [ ] The Data Backup Policy [ ] The process for reporting suspicious behavior [ ] The network diagram [ ] The procedure for closing user accounts [ ] The User Education and Awareness Policy
[x] The help desk's contact information [x] The Security Policy [x] The process for reporting suspicious behavior
Which of the following are included in a network topology diagram? (Select two.) [ ] A layout of all electrical wiring and components. [ ] A layout of all plumbing and HVAC components. [ ] The relationship between remote locations and the WAN links that connect them. [ ] A layout of server racks, cooling, and air circulation systems. [ ] The location and IP addresses of hubs, switches, routers, and firewalls.
[x] The relationship between remote locations and the WAN links that connect them. [x] The location and IP addresses of hubs, switches, routers, and firewalls.
