Back to CompTIA Security+ (CompTIA Security+)

Security Policies and Procedures

Developing organizational security measures

This subtopic covers the creation of security policies and procedures for an organization to maintain an effective security posture. Documentation, auditing, and revision frameworks are also discussed.
5 minutes 5 Questions

Security Policies and Procedures form the foundational governance documentation that guides an organization's security posture. Security policies are high-level documents that outline an organization's security goals, requirements, and management's intent regarding information security. They establ…

Concepts covered: Change Management, Compliance and Auditing, Identity and Access Management, Encryption and Cryptography, Data Classification, Asset Management, Security Policy Development, Access Control, Security Awareness and Training, Business Continuity and Disaster Recovery, Network Security

Test mode:
Start practice test
CompTIA Security+ - Security Policies and Procedures Example Questions

Test your knowledge of Security Policies and Procedures

Question 1

An insider threat is discovered within a company causing severe damage to the business. Which of the following should be implemented to detect and prevent such incidents in the future?

Correct Answer: User activity monitoring and access controls

User activity monitoring and strict access controls are essential to detect and prevent insider threats. The other options are important for various business continuity and disaster recovery issues but do not directly address insider threats.

Question 2

A security officer is preparing for a company-wide security audit. They need to ensure that all sensitive data transferred on the network is encrypted. What protocol should they use to achieve this?

Correct Answer: TLS

Transport Layer Security (TLS) is a cryptographic protocol that provides secure communications over a computer network. Using TLS ensures that all sensitive data transferred on the network is encrypted, meeting the security officer's requirement.

Question 3

A company has deployed a secure VPN for remote employees to access internal resources. An employee reports slow network performance while using the VPN. What should the network administrator do to improve VPN performance without compromising security?

Correct Answer: Enable Split-Tunneling

Split-tunneling allows VPN users to route only the traffic destined for the internal network through the VPN while allowing other traffic to access the Internet directly. This reduces the load on the VPN connection and improves performance without compromising security.

More Security Policies and Procedures questions
77 questions (total)
Start 77 question test