Back to Network Security

Security Policies and Procedures

5 minutes 5 Questions

Security policies and procedures are essential components of an effective network security strategy. They provide a framework for defining and communicating an organization's security requirements, processes, and responsibilities. Security policies are high-level documents that outline the rules an…

Test mode:
Start practice test
CompTIA Network+ - Security Policies and Procedures Example Questions

Test your knowledge of Security Policies and Procedures

Question 1

Scenario 3: A software development company deals with sensitive client information and wants to prevent employees from disclosing any of this information to unauthorized individuals. What security policy should be implemented?

Correct Answer: Non-disclosure agreement (NDA)

A non-disclosure agreement (NDA) is a legally binding contract between the company and its employees, requiring them to keep sensitive information confidential and not disclose it to unauthorized individuals.

Question 2

A company has recently experienced a network intrusion due to an unauthorized user gaining access to their confidential data. What should the network administrator implement to best prevent this type of breach?

Correct Answer: Implement a strong password policy

The best way for the network administrator to prevent unauthorized access to the company's confidential data is to implement a strong password policy. This will likely include requirements for password length, complexity, and frequency of changes. This measure is critical to improve the security of user accounts and reduce the risk of unauthorized access. Reducing firewall settings or disabling intrusion detection systems would instead weaken network security, which is inappropriate and could lead to further security breaches. Granting all users administrative rights is also not a good strategy as it can result in privilege misuse or abuse, and it increases the number of potential targets for external threats.

Question 3

A company's network is continuously being targeted by hackers attempting to steal sensitive financial information. Which of the following measures should they implement?

Correct Answer: Install an intrusion prevention system (IPS) to detect and block attacks

The best measure they should implement to protect sensitive financial information from hackers is to 'Install an intrusion prevention system (IPS) to detect and block attacks'. An IPS is a critical part of a robust security posture as it protects a network by inspecting the traffic, and then taking appropriate actions like alerting, blocking, or reporting suspicious activities 'Storing passwords in plaintext documents' is a bad security practice because if a hacker gains access to this document, they would gain immediate access to all the stored passwords in plaintext, compromising all relevant accounts Allowing 'external devices to access the network without authentication' would be inviting security issues as almost anyone could gain access to your network and the sensitive data within. This goes against basic tenets of network security which supports strong authentication 'Disabling encryption for all data' would mean that any data transmitted or stored is easily readable by anyone who gained unauthorized access. Encryption is a basic practice to ensure data confidentiality by making it unreadable to unauthorized parties Thus, the most effective measure among the options provided in safeguarding the company's network would be installing an IPS.

More Security Policies and Procedures questions
28 questions (total)
Start 28 question test