Organizational Documents and Policies Flashcards
Which of the following is not a typical best practice in a password policy?
a. Expire passwords regularly
b. Use of uppercase and lowercase letters only in passwords
c. Require password uniqueness
d. Ban use of proper names in passwords
Answer: b. A strong password should include uppercase letters, lowercase letters, numbers, and special characters.
Which of the following is not an area typically targeted by a data loss prevention policy?
a. Cloud level
b. Network level
c. Client level
d. Storage level
Answer: a. Data loss prevention policies typically categorize activities at the client, network, and storage levels.
An incident response policy often ends with which phase?
a. Prepare
b. Contain
c. Review
d. Eradicate
Answer: c. Typical phases of incident response include prepare, identify, contain, eradicate, recover, and review.
What should you follow closely when installing new network equipment?
a. YouTube videos
b. Certified training courses
c. Installation and maintenance guides
d. IETF guidelines
Answer: c. For the highest degree of safety, you should always follow the vendor instructions.
Which agreement would need to be read carefully and signed by an end user in the Sales department regarding the technology they were granted access to?
a. AUP
b. SLA
c. PUA
d. Vacation policy
Answer: c. A privileged user agreement (PUA) targets administrators and others who have elevated levels of access on the network.
You are discussing a legally binding document that organizations might require of both their own employees and anyone else who comes into contact with confidential information. What is this document called?
a. NDA
b. DLP
c. SOP
d. MOU
Answer: a. A non-disclosure agreement (NDA) is a legally binding document that organizations might require of both their own employees and anyone else who comes into contact with confidential information, including vendors, consultants, and contractors. The purpose of an NDA is to protect an organization’s intellectual property and trade secrets.
What is often the last stage of a system life cycle used in a network?
a. Phase-out
b. Disposal
c. Support
d. Development
Answer: b. Typical life cycle phases are conceptual design, preliminary system design, detailed design and development, production and construction, utilization and support, phase-out, and disposal.
You have created written instructions that detail organizational procedures to be followed when an employee leaves the organization or is terminated. What type of document is this?
a. Data loss prevention policy
b. Service-level agreement
c. Onboarding procedures
d. Offboarding procedures
Answer: d. When employees leave the organization, offboarding procedures need to be in place to ensure that in addition to all access being removed, equipment and data are returned. The process should be clear regarding expectations, particularly those related to confidential or internal-use-only data.