Objective 3.3 Flashcards
3.3 Explain the purpose of organizational documents and policies. (14 cards)
What is the purpose of a Physical Network Diagram?
A physical network diagram illustrates the actual, tangible layout of the network.
It shows the real-world location of devices like routers, switches, and firewalls, and how they are physically cabled together.
On the Job: When you need to physically find a device in a server room or trace a specific cable from a user’s desk back to a wiring closet, you use the physical diagram.
It’s the network’s blueprint.
What is the purpose of a Logical Network Diagram?
A logical network diagram illustrates how data flows across the network at Layer 3.
It shows IP addressing schemes, subnets, VLANs, routing domains, and traffic flow paths.
It focuses on how the network is segmented and interconnected, not its physical layout.
On the Job: As a SOC analyst, this is one of your most important documents.
When you see suspicious traffic between two IP addresses, the logical diagram tells you what subnets they are in, what security zones they belong to, and what firewalls or ACLs should be controlling their communication.
What is the purpose of a Rack Diagram?
A rack diagram provides a detailed, front-and-back view of the equipment installed in a server rack.
It shows the specific position (U-location) of each server, switch, patch panel, and other hardware, as well as power connections.
On the Job: This diagram is essential for data center technicians.
When you need to install a new server or troubleshoot a power issue for a specific device, the rack diagram shows you exactly where to look in a sea of identical-looking hardware.
What is the purpose of Change Management Documentation?
Change management documentation provides a formal record of all proposed and approved changes to the network infrastructure.
It includes details like the reason for the change, a plan of action, a rollback plan, and approval signatures.
On the Job: This creates an audit trail. If the network goes down, the first question everyone asks is, “What changed?”
As an analyst, you’ll review change management logs to see if a recent, authorized (or unauthorized) change is the root cause of a new problem or security vulnerability.
What is an Asset Inventory?
An asset inventory is a comprehensive list of all technology assets owned by an organization.
This includes hardware (servers, switches, laptops) and software (operating systems, applications).
Each entry typically includes details like owner, location, and purchase date.
On the Job: You can’t protect what you don’t know you have.
The asset inventory is the foundation of security.
It’s used to manage patching, identify unauthorized devices, and scope vulnerability scans.
What is Life-Cycle Management for network assets?
Life-cycle management is the process of managing a hardware or software asset from its procurement and deployment through its operational use to its final, secure decommissioning and disposal.
On the Job: The decommissioning phase is critical for security.
When a server or hard drive is retired, proper life-cycle management ensures all sensitive data is securely wiped or destroyed, preventing data leakage from discarded equipment.
What is a Configuration Baseline?
A configuration baseline is a standardized, approved configuration for a specific type of system, such as a router, workstation, or server.
It defines the required security settings, software versions, and network protocols that should be on that system.
On the Job: Baselines are used as a reference point. Security tools constantly compare a system’s current configuration to the approved baseline.
If a deviation is found (e.g., a new port is opened, a service is disabled), the tool triggers an alert, signaling a potential security misconfiguration or unauthorized change.
What is a Security Policy?
A security policy is a high-level document that outlines an organization’s overall goals and rules regarding information security.
It defines what assets need protection and what roles and responsibilities employees have in protecting them.
It is the foundation upon which all other policies are built.
On the Job: This policy grants you the authority to enforce security controls and investigate incidents.
It sets the expectation for security across the entire organization.
What is an Acceptable Use Policy (AUP)?
An AUP is a policy that defines what employees are and are not allowed to do with company technology assets.
It typically covers rules about internet usage, email, and installing software.
This is a document that all users must read and agree to.
On the Job: When an employee is using the network for malicious or prohibited activities (like downloading illegal content), their violation of the AUP is the basis for disciplinary action.
Alerts from security tools often point directly to AUP violations.
What is the purpose of Onboarding and Offboarding Policies?
- Onboarding: A set of procedures for granting new employees access to network resources in a structured and secure way.
- Offboarding: A set of procedures for revoking an employee’s access to all systems and data immediately upon their departure.
On the Job: Offboarding is one of the most critical security processes.
Failing to disable an ex-employee’s account creates a massive security hole, leaving an “orphan account” that can be exploited by attackers.
What is a Password Policy?
A password policy defines the rules for creating and managing passwords.
It typically enforces requirements for length, complexity (using uppercase, lowercase, numbers, symbols), and history (preventing reuse of old passwords).
On the Job: Weak passwords are a primary vector for attacks.
This policy is a technical control that reduces the risk of brute-force or password-guessing attacks being successful.
What is a Remote Access Policy?
A remote access policy defines the rules and requirements for connecting to the organization’s internal network from an outside location.
It specifies who is allowed to connect, what methods they must use (e.g., VPN), and the security requirements for the remote device.
On the Job: This policy is essential for securing the network edge.
As an analyst, you will monitor VPN logs for suspicious login attempts and ensure that remote connections comply with the policy’s security standards.
What is a Bring Your Own Device (BYOD) Policy?
A BYOD policy defines the rules for employees who use their personal devices (laptops, smartphones) to access company data and network resources.
It outlines the security requirements for the device, such as screen locks, encryption, and the installation of security software (MDM/UEM agents).
On the Job: BYOD introduces significant risk.
This policy, together with the technical controls that enforce it, is critical for preventing company data from being compromised or leaked from a lost or insecure personal device.
What is a Data Loss Prevention (DLP) Policy?
A DLP policy is an organizational-level document that defines what data is considered sensitive and how it must be handled.
A technical DLP solution is the tool that enforces this policy by monitoring, detecting, and blocking unauthorized transmissions of sensitive data.
On the Job: The policy tells the DLP system what to look for (e.g., credit card numbers, social security numbers, keywords like “confidential”).
When the DLP tool sees this data in an outgoing email or a file transfer to a USB drive, it blocks the action and creates an alert for you to investigate.