Config Router

You are here: Home / Cisco / CCSP SECUR FAQ : Network Security Essentials

CCSP SECUR FAQ : Network Security Essentials

by

CCSP SECUR FAQ : Network Security Essentials

Q1. Which of the following should be included in the security policy?
A. Capabilities of the firewall
B. Manufacturer of the firewall
C. User responsibilities
D. Sanctions for violating the policy
E. A network diagram
F. Routing protocols used

Answer: A, C, D, E

Q2. Which of the following employees should have access to a copy of the security policy?
A. Managers
B. Network engineers
C. Human resources
D. Temporary employees
E. All employees

Answer: E

Q3. Which of the following is true about a security policy?
A. The policy should require testing.
B. The policy should not be revealed to the general public.
C. Cisco equipment should be specified.
D. The policy is a business document, not a technical document.
E. The policy should be changed every six months.

Answer: A, D

Q4. Which of the following are acts directed by “the security wheel”?
A. Configuring
B. Securing
C. Implementation
D. Testing
E. Monitoring and responding

Answer: B, D, E

Q5. Which of the following are benefits of a security policy?
A. Leads to stability of the network
B. Allows management to bypass security efforts
C. Allows the technical team to have an unlimited budget
D. Enables users to know the consequences of their actions
E. Informs the user of how to break into systems

Answer: A, D

Q6. What are reasons for implementing a security policy?
F. Enables management to judge the effectiveness of security efforts
G. Enables the technical team to understand their goals
H. Enables users to browse the web without fear of getting a virus
I. Enables management to justify a larger technical team
J. Lessens costs due to network downtime

Answer: A, B, E

Q7. True or False: The security policy is a document that is designed to allow the business to participate in certain electronic communications?
A. True
B. False

Answer: True

Q8. Choose the six main goals of security policy:
A. Guides the technical team in purchasing equipment
B. Guides the technical team in choosing their equipment
C. Guides the technical team in configuring the equipment
D. Gains management approval for new personnel
E. Defines the use of the best-available technology
F. Defines the responsibilities for users and administrators
G. Defines sanctions for violating the policies
H. Provides a Cisco-centered approach to security
I. Defines responses and escalations to recognized threats

Answer: B, C, E, F, G, I

Q9. What is the determining factor when evaluating the business need against the security posture?
A. Security is always the most important.
B. The business need overrides security.
C. You have to factor security with the Bell-LaPadula Security Model.
D. Security isn’t important unless your business is big enough to sue.
E. None of the above.

Answer: E

Q10. What IETF RFC governs the Site Security Handbook?
A. RFC 1918
B. RFC 2196
C. RFC 1700
D. RFC 1500

Answer: B

Q11. True or False: Network security can be achieved by having consultants install firewalls at your network perimeter.
A. True
B. False

Answer: False

Q12. Why is consistency important in a network policy?

Answer: Consistency is important for two main reasons. First, it may be nearly impossible to enforce something that is not consistently applied. Second, a consistent policy is less open to interpretation. Therefore, there is a greater chance that the goals of the policy are fulfilled.

Q13. Why is it so important that management accept the policy?

Answer: Because management’s task is to make the company run, they are ultimately in charge of what initiatives take precedence over other initiatives. Also, because management is tasked with ensuring that employees obey policies, no policy can succeed unless management agrees with that policy.

Q14. How often should testing occur?

Answer: There is no specific time between testing cycles. Because the security wheel is a never-ending process, testing needs to occur after any significant change to the network. In very large organizations, testing can and should be a continuous process. In a very small organization, testing may occur only once per year.

Q15. When should monitoring occur?

Answer: Monitoring should be continuous, with new monitoring added when changes to the network occur.

Q16. Why is it necessary to even have a written security policy?

Answer: Without a written policy, there can be no formalized way of ensuring that the goals for network security are fulfilled. The written plan, among other benefits, enables management and the technical team to gain feedback on their efforts.

Q17. Why is it important to specify sanctions for failing to abide by the security policy?

Answer: To effectively enforce the policy, there must be sanctions for failing to abide by that policy. In the same way that almost all human resources departments have sanctions for unacceptable behavior, the security policy must have sanctions.

Q18. Why is it not a security risk to publish the security policy on a public website?

Answer: The security policy is not a technical document. No IP addresses, specific equipment, or specific techniques should be stated within the document. If the policy is written correctly, distributing the policy is not a security concern. The implementation plan for a section of the policy is where specifics, such as the equipment used or the specific configurations, are stated.

Q19. Why is the security policy shown in the center of the security wheel?

Answer: The security policy is the driving force that causes all four of the steps of the security wheel to occur. It is the policy that dictates the need to secure, test, monitor, and improve.

Q20. Why should a policy be implemented globally? Why not just implement it at one site?

Answer: Many companies with electronic communications between sites fail to properly secure between these sites. In these cases, a breach at any one site exposes the whole of the corporate network to attacks. Although it is possible to implement specific equipment and configurations at individual sites, only a comprehensive approach to security ensures that the entire corporate network is as secure as possible.

Q21. Why is flexibility important in a security policy?

Answer: The security policy should be specific enough to define all requirements, but not so inflexible that it does not account for growth within the organization or changes in infrastructure. Keep in mind that the security policy is a living document and should constantly be reviewed and modified as necessary to ensure its relevance for the organization.

Q22. What organization published the Site Security Handbook?

Answer: Internet Engineering Task Force (IETF)

More Resources