CCSP SECUR FAQ : Network Security Essentials
Q1. Which of the following should be included in the security policy?
A. Capabilities of the firewall
B. Manufacturer of the firewall
C. User responsibilities
D. Sanctions for violating the policy
E. A network diagram
F. Routing protocols used
Q2. Which of the following employees should have access to a copy of the security policy?
B. Network engineers
C. Human resources
D. Temporary employees
E. All employees
Q3. Which of the following is true about a security policy?
A. The policy should require testing.
B. The policy should not be revealed to the general public.
C. Cisco equipment should be specified.
D. The policy is a business document, not a technical document.
E. The policy should be changed every six months.
Q4. Which of the following are acts directed by “the security wheel”?
E. Monitoring and responding
Q5. Which of the following are benefits of a security policy?
A. Leads to stability of the network
B. Allows management to bypass security efforts
C. Allows the technical team to have an unlimited budget
D. Enables users to know the consequences of their actions
E. Informs the user of how to break into systems
Q6. What are reasons for implementing a security policy?
F. Enables management to judge the effectiveness of security efforts
G. Enables the technical team to understand their goals
H. Enables users to browse the web without fear of getting a virus
I. Enables management to justify a larger technical team
J. Lessens costs due to network downtime
Q7. True or False: The security policy is a document that is designed to allow the business to participate in certain electronic communications?
Q8. Choose the six main goals of security policy:
A. Guides the technical team in purchasing equipment
B. Guides the technical team in choosing their equipment
C. Guides the technical team in configuring the equipment
D. Gains management approval for new personnel
E. Defines the use of the best-available technology
F. Defines the responsibilities for users and administrators
G. Defines sanctions for violating the policies
H. Provides a Cisco-centered approach to security
I. Defines responses and escalations to recognized threats
Q9. What is the determining factor when evaluating the business need against the security posture?
A. Security is always the most important.
B. The business need overrides security.
C. You have to factor security with the Bell-LaPadula Security Model.
D. Security isn’t important unless your business is big enough to sue.
E. None of the above.
Q10. What IETF RFC governs the Site Security Handbook?
A. RFC 1918
B. RFC 2196
C. RFC 1700
D. RFC 1500
Q11. True or False: Network security can be achieved by having consultants install firewalls at your network perimeter.
Q12. Why is consistency important in a network policy?
Q13. Why is it so important that management accept the policy?
Q14. How often should testing occur?
Q15. When should monitoring occur?
Q16. Why is it necessary to even have a written security policy?
Q17. Why is it important to specify sanctions for failing to abide by the security policy?
Q18. Why is it not a security risk to publish the security policy on a public website?
Q19. Why is the security policy shown in the center of the security wheel?
Q20. Why should a policy be implemented globally? Why not just implement it at one site?
Q21. Why is flexibility important in a security policy?
Q22. What organization published the Site Security Handbook?