12.3

Question 1

AUP

Answer 1

Acceptable use policy

Question 2

The security policy should consist of these 4 complementary documents/policies

Answer 2

Governing Policy, Technical Policies, End-User Policies; Standards, Guidelines, and Procedures.

Question 3

Name thee detailed documents that are often contained in a security policy

Answer 3

Standards, Guidelines, Procedures.

Question 4

3 elements for an effective argument in Incident Response:

Answer 4

Motive, Means, Opportunity.

Question 5

The preservation of evidence, data, and details is referred to as:

Answer 5

Legal hold

Question 6

Examples of vulnerability scanners:

Answer 6

Nessus, Nmap

Question 7

Honey pot/net can be used to…

Answer 7

Act as a distraction or as a system that is extensively monitored to learn what an attacker is attempting to do on the system

Question 8

ACL + definition

Answer 8

Access Control Lists are rules usually applied to router interfaces that specify permitted and denied traffic

Question 9

Physical security controls and devices are categorized into these two cats

Answer 9

Detection and Prevention

Question 10

Detection techniques and devices:

Answer 10

Motion detection, Video surveillance, asset tracking tags, tamper protection.

Question 11

Prevention techniques and devices:

Answer 11

Badges, Biometics, Smart Cards, Key Fobs, Locks.

Question 12

Steps in Network Device Hardening:

Answer 12

Changing default credentials, avoiding common passwords, upgrading firmware, patching and updating, file hashing, disabling unnecessary services, using secure protocols, generating new keys, disabling unused ports, changing the native VLAN.

Question 13

Layer 2 Protections:

Answer 13

Spanning tree protections, DHCP snooping, VLAN segmentation.