Go back to CompTIA^® Page

Security+ practice questions
Security policy audit

Home                                                       Up          Previous            

Q10. Which of the following policies describes the type of authorization required to perform a port scan of an organization's internetwork?

A. Acceptable use policy

B. Antivirus policy

C. Audit policy.

D. Nondisclosure agreement

Correct Answer:C

Explanation: 

Security policies describe the vulnerability assessments, incident-response guidelines, logs, and other security procedures. Some of the important security policies are:

1. Acceptable use policy: Describes the acceptable use of an organization's resources including computer hardware, software, email, and Internet resources.

2. Antivirus policy: Describes the measures to be taken for preventing and/or curing virus damage to a Corporate computer network.

3. Audit policy: An Audit policy helps you get the following:

a. Risk assessment, identification of all the potential threats and vulnerabilities within a company's IT systems, covering policies, processes, networks and applications.
b. Details of authorization, investigation, and user compliance.
c. A baseline for developing your organization's information security strategy.

4. Non-disclosure agreement: Agreement with a user for preventing sensitive information disclosure.

5. Password Policy: Describes password requirements including password length, duration, and guidelines.

6. Remote Access Policy: Describes access requirements for remote users.

7. Server security policy: Describes the security precautions to be taken such as isolating the internal server from web server (through the use of buffer zones such DMZ).

                                                               Up                 Previous             

Download Test Simulator from Simulation Exams

Neither Affiliated Nor Endorsed by CompTIA^® Organization. All Trademarks are duly acknowledged.