Network Policies (3.2)

Question 1

IT Governance

Answer 1

o Used to provide a comprehensive security management framework for the
organization
▪ Policies
▪ Standards
▪ Baselines
▪ Guidelines
▪ Procedures

Question 2

Policy

Answer 2

o Defines the role of security inside of an organization and establishes the desired
end state for that security program
▪ Organizational
▪ System-specific
▪ Issue-specific

Question 3

Organizational

Answer 3

o Provides framework to meet the business goals and define the roles,
responsibilities, and terms associated with it

Question 4

System-specific

Answer 4

o Addresses the security of a specific technology, application, network, or
computer system

Question 5

Issue-specific

Answer 5

o Addresses a specific security issue such as email privacy, employee termination
procedures, or other specific issues

Question 6

Standard

Answer 6

o Implements a policy in an organization

Question 7

Baseline

Answer 7

o Creates a reference point in network architecture and design

Question 8

Guideline

Answer 8

o Recommended action that allows for exceptions and allowances in unique
situations

Question 9

Procedure

Answer 9

o Detailed step-by-step instructions created to ensure personnel can perform a
given task or series of actions

Question 10

Change Management

Answer 10

▪ Structured way of changing the state of a computer system, network, or
IT procedure
▪ Make sure the risks are considered prior to implementing a system or
network change
● Planned
● Approved
● Documented

Question 11

Incident Response Plan

Answer 11

▪ Contains instructions to help network and system administrators detect,
respond to, and recover from network security incidents
● Preparation
● Identification
● Containment
● Eradication
● Recovery
● Lessons learned

Question 12

Disaster Recovery Plan

Answer 12

▪ Documents how an organization can quickly resume work after an
unplanned incident

Question 13

Business Continuity Plan

Answer 13

o Outlines how a business will continue operating during an
unplanned disruption in service
o A disaster recovery plan will be referenced from a business
continuity plan

Question 14

System Life Cycle Plan

Answer 14

o Describes the approach to maintaining an asset from

creation to disposal

Question 15

Planning

Answer 15

o Involves the planning and requirement analysis for a given
system, including architecture outlining and risk
identification

Question 16

Design

Answer 16

o Outlines new system, including possible interconnections,

technologies to use, and how it should be implemented

Question 17

Transition

Answer 17

o Actual implementation, which could involve coding new
software, installing the systems, and network cabling and
configurations

Question 18

Operations

Answer 18

o Includes the daily running of the assets, as well as

updating, patching, and fixing any issues that may occur

Question 19

Retirement

Answer 19

o End of the lifecycle and occurs when the system or

network no longer has any useful life remaining in it

Question 20

Standard Operating Procedure

Answer 20

▪ A set of step-by-step instructions compiled by an organization to help its
employees carry out routine operations

Question 21

Password Policy

Answer 21

▪ A set of rules created to improve computer security by motivating users
to create and properly store secure passwords

Question 22

Acceptable Use Policy (AUP)

Answer 22

▪ A set of rules that restricts the ways in which a network resource may be
used and sets guidelines on how it should be used

Question 23

Bring Your Own Device (BYOD) Policy

Answer 23

▪ Allows employees to access enterprise networks and systems using their
personal mobile devices
▪ Create a segmented network where the BYOD devices can connect to

Question 24

Remote Access Policy

Answer 24

▪ A document which outlines and defines acceptable methods of remotely
connecting to the internal network

Question 25

Onboarding Policy

Answer 25

▪ A documented policy that describes all the requirements for integrating a
new hire into the company and its cultures

Question 26

Offboarding Policy

Answer 26

▪ A documented policy that covers all the steps to successfully part ways
with an employee who’s leaving the company

Question 27

Security Policy

Answer 27

▪ A document that outlines how to protect the organization’s systems,
networks, and data from threats

Question 28

Data Loss Prevention Policy

Answer 28

▪ A document defining how organizations can share and protect data
▪ Data loss prevention policy minimizes accidental or malicious data loss
▪ Set proper thresholds for your DLP policy

Question 29

Non-Disclosure Agreement (NDA)

Answer 29

▪ Defines what data is confidential and cannot be shared outside of that
relationship
▪ A non-disclosure agreement is an administrative control
● Fines
● Forfeiture of rights
● Jail time

Question 30

Memorandum of Understanding (MOU)

Answer 30

▪ Non-binding agreement between two or more organizations to detail
what common actions they intend to take
▪ Often referred to as a letter of intent
▪ Usually used internally between two business units

Question 31

Service-Level Agreement (SLA)

Answer 31

▪ Documents the quality, availability, and responsibilities agreed upon by a
service provider and a client