822 Appendix • Self Test Appendix
Answer A is incorrect, because a privacy policy will outline the level of privacy an employee
and/or customer can expect from the company. Privacy policies generally include sections that
stipulate corporate e-mail as being the property of the company, and that Internet browsing
may be audited. Answer C is incorrect, because HR policies deal with the hiring, termination,
and changes of an employee within a company. They do not provide information on the
acceptable use of technology. Answer D is incorrect, because SLAs are agreements between
clients and service providers that outline what services will be supplied, what is expected from
the service, and who will fix the service if it does not meet an expected level of performance.
2. You are concerned about the possibility of hackers using programs to determine the passwords
of users. You decide to create a policy that provides information on creating strong passwords,
and want to provide an example of a strong password. Which of the following is the strongest
password?
A. strong
B. PKBLT
C. ih8Xams!
D. 12345
Answer C. ih8Xams! Strong passwords consist of a combination of lower case letters (a through
z), upper case letters (A through Z), numbers (0 through 9), and special characters
({}[],.<>;:’”?/|\`~!@#$%^&*()_-+=). Of the possible passwords listed, the only one that has
all these characteristics is ih8Xams!
Answers A, B, and C are all incorrect, because they do not use a combination of numbers,
special characters, and uppercase and lower case letters.
3. You are developing a policy stating that hard disks are to be properly erased using
special software, and that any CDs or DVDs are to be damaged by scarring or breaking them
before they are thrown away. It is the hope of the policy that any information that is on the
media will not fall into the wrong hands after the media have been properly discarded. What
type of policy are you creating?
A. Due care
B. Privacy policy
C. Need to know
D. Disposal and destruction policy
Answer D. Disposal and destruction policy. This type of policy establishes procedures dealing
with the safe disposal and destruction of data and equipment.
Answer A is incorrect, because due care refers to the level of care that a reasonable person
would exercise, and is used to address problems of negligence. Answer B is incorrect, because
privacy policies outline the level of privacy that employees and clients can expect, and the
organization’s perspective on what is considered private information. Answer C is incorrect, because
need to know refers to people only being given the information, or access to data, that
they need in order to perform their jobs.
www.syngress.com