11.5.7 Organization Policies
Which of the following pieces of information are you MOST likely to find in a policy document? - A requirement for using encrypted communications for web transactions - The IP address assigned to a router interface - Steps for completing and validating nightly backups - Average performance statistics for a router
A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but it doesn't necessarily define how the goal is to be reached. In this question, a policy might contain a requirement that encrypted communications are required for web transactions. The policy does not state the method that will be deployed, just that encryption is a requirement. The type of encryption to be used, along with the process for implementing it, would be included in a procedure document. A procedure is a step-by-step process outlining how to implement a specific action. As another example, a procedure document might include steps for completing and validating nightly backups. You might find the IP address for a device's interface in the configuration documentation or a network diagram. A baseline is a snapshot of the performance statistics for your network and devices. A baseline would include a router's average performance information.
Which of the following defines an Acceptable Use Agreement? - An agreement that outlines the organization's monitoring activities. - A legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information. - An agreement that prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. - An agreement that identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use.
An agreement that identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use. An Acceptable Use Agreement identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use. A Non-Compete Agreement prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. An Employee Monitoring Agreement outlines the organization's monitoring activities. A Non-Disclosure Agreement (NDA) is a legal contract between the organization and the employee that specifies that the employee is not to disclose the organization's confidential information.
You want to make sure that the correct ports on a firewall are open or closed. Which document should you check? - Baseline configurations - Wireless site survey - Wiring schematic - Intermediate distribution frame
Baseline configurations Baseline configuration documentation identifies specific configuration information for a device. For example, a configuration document for a firewall might include information about the IP addresses assigned to each interface and open firewall ports. A wiring diagram is a type of network diagram that focuses on the physical connections between devices. A site survey ensures that a wireless network performs as desired. A traditional intermediate distribution frame is a smaller wiring distribution frame or rack within a building.
In business continuity planning, what is the primary focus of the scope? - Business processes - Human life and safety - Company assets - Recovery time objective
Business processes Business processes are the primary focus of the scope within business continuity planning (BCP). Company assets are the focus of risk assessment for security policy development, not BCP. Human life and safety are considerations for emergency response, not BCP. Recovery time objective is a consideration of emergency response development, not BCP.
You plan to implement a new security device on your network. Which of the following policies outlines the process you should follow before you implement that device? - Service Level Agreement - Resource Allocation - Acceptable Use - Change Management
Change Management A Change Management Policy provides a structured approach to secure company assets and make changes to those assets. This type of policy: Establishes hardware, software, and infrastructure configurations that are to be deployed universally throughout the corporation. Tracks and documents significant changes to the infrastructure. Assesses the risk of implementing new processes, hardware, or software. Ensures that proper testing and approval processes are followed before changes are allowed. An Acceptable Use Policy (AUP) identifies the employees' rights to use company property, such as internet access and computer equipment, for personal use. A Resource Allocation Policy outlines how resources are allocated. Resources could include staffing, technology, or budgets. Service Level Agreements (SLAs), sometimes called maintenance contracts, guarantee a network client a certain quality of service from the provider.
Which of the following information are you MOST likely to find in a procedure document? - The relationship of routers to other routers on the network - A record of the repairs made to a specific device - Details on how to test and deploy patches - An inventory of the hardware components inside a specific device
Details on how to test and deploy patches A procedure is a step-by-step process outlining how to implement a specific action. For example, you might have a procedure document that identifies how patches are tested and applied within your network. Change, or history, documentation keeps track of changes to device or network configuration. For example, you might record a change in a network interface card or to a WAN link. Configuration documentation identifies specific configuration information for a device. For example, the document might identify the hardware components within a device. A network diagram shows the logical and/or physical layout of your network. The network diagram could be a collection of diagrams showing the location and IP addresses of hubs, switches, routers, and firewalls.
Which of the following provides a layout of all electrical, plumbing, HVAC, and networking wiring and components? - Wiring diagram - Network diagram - Rack diagram - Floor plan
Floor plan A floor plan provides a layout of all electrical, plumbing, HVAC, and networking wiring and components. A rack diagram, network diagram, and wiring diagram provide layouts for networking infrastructure, but they do not include electrical, plumbing, and HVAC information.
Which of the following provides information on the subnets within your network, including the subnet addresses and the routers connecting each subnet? - Rack diagram - Network diagram - Floor plan - Wiring diagram
Network diagram A network diagram includes a layout of the subnets within your network, including the subnet addresses and the routers connecting each subnet. A wiring diagram, rack diagram, and floor plan provide information about your physical network, but they do not include subnet information.
Which of the following is a contract in which both parties agree not to share proprietary or confidential information gathered during the business relationship? - Service Level Agreement - Non-Disclosure Agreement - Non-Compete Agreement - Memorandum of Understanding
Non-Disclosure Agreement A Non-Disclosure Agreement (NDA) is a contract in which both parties agree not to share proprietary or confidential information gathered during the business relationship. A Non-Compete Agreement, a Service Level Agreement, and a Memorandum of Understanding are initiated at the start of a third-party relationship, but they do not address the sharing of confidential information.
Which type of documentation would you consult to find the location of RJ45 wall jacks and their endpoints in the intermediate distribution closet? - Policy - Wiring schematic - Baseline - Procedure
Wiring schematic A wiring schematic is a type of network diagram that focuses on the physical connections between devices. The wiring diagram typically shows: The location of drop cables and ports within offices or cubicles. The path that wires take between wiring closets and offices. A labeling scheme that matches endpoints in offices and cubicles with specific switch ports or punch down block locations. A baseline is a record that shows normal network statistics. A policy is a document that describes the overall goals and requirements for a network. A policy identifies what should be done, but it doesn't necessarily define how the goal is to be reached. A procedure is a step-by-step process outlining how to implement a specific action. A procedure is guided by goals defined in the policy but goes beyond it by identifying specific steps that are to be implemented.