Online Access Free SC0-502 Exam Questions

Things have been running smoothly now at GlobalCorp for the last several weeks. There have been no major attacks, and it seems that the systems in place are performing just as expected. You are putting together some paperwork when you get a call from Blue to meet in the conference room.
When you get there, Blue is wrapping up a meeting with the senior Vice President of Sales, whom you say hello to on your way in.
"I was just talking with our senior VP here, and we're run into a new issue to discuss," Blue tells you.
"Wel Il let you two sort this out. Blue, do let me know when it's all ready to go." With that the VP leaves.
You sit down across from Blue, who starts, "That was an interesting meeting. It seems that even though I have always said no to the request, we are being pressured to implement a wireless network."
"Here?" you ask, "In the executive building?"
"Yes, right here. The sales team wishes to have the ability to be mobile. Instead of running a full scale roll out I have trimmed the request down to running a test implementation on the second floor. The test run on that floor will be used to determine the type of wireless rollout for the rest of the building, and eventually the rest of the campus. So, here is what we need to do. I need you to create the roll out plan, and bring that plan to me. Il review with you and implement as required."
"As always, what is my budget restriction?" you ask.
"In this case, security is the top priority. If we are going to run wireless, it has to be as secure as possible, use whatever you need. That being said, your plan has to use existing technologies, we are not going to fund the development of a new protocol or proprietary encryption system right now."
You begin your work on this problem by pulling out your own wireless networking gear. You have a laptop that uses an ORiNOCO card, and you have a full directional antenna that you can hold or mount on a small tripod. You take your gear to the lobby of the second floor, and you load up NetStumbler quickly to run a quick check that there are no access points in your area.
The immediate area is clear of any signal, so you take you gear and walk the entire second floor, waiting to see if there is any signal, and you find none. With your quick walk through complete, you take your gear back to your office and start working on your plan.
Using your knowledge of the GlobalCorp network, select the best solution to the wireless networking rollout problem:}

• A.You determine that for the test network, you will run the network in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Basic Service Set (BSS), running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of FLOOR2, and the access point will be configured with MAC address filtering of the test nodes.
  You will configure the access point to use EAP, specifically EAP-TLS. You will configure a Microsoft RADIUS Server as the authentication server. You will configure the RADIUS server with a digital certificate. Using EAP-TLS, both the server and the client will be required to authenticate using their digital certificates before full network access will be granted. Clients will have supplicant software configured where required.
  You will next make a physical map of the office, using the tool Ekahau. Working with this tool, you will map out and track the positioning of each wireless device once the network is active.
  When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.
• B.You figure out that you will run the test network in infrastructure mode, using a SSID of GlobalCorp. You will create one single Basic Service Set (BSS), all running through one access point. All test nodes will be configured to participate in the BSS, using the SSID of GlobalCorp, and the access point will be configured with MAC address filtering of the test nodes.
  You will configure the access point to utilize a combination of 802.1x and WPA. The WPA settings will be fully secured with TKIP, and 128-bit keys, which change on a per session basis. The 802.1x settings will be to use Lightweight EAP (LEAP). The clients will be configured to use LEAP, with a fallback to TKIP at 128-bits.
  When the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access. You will continue the test by running checks from the parking lot, ensuring that you cannot gain access.
• C.You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Independent Basic Service Set (IBSS).
  You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
  You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase.
  Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.
• D.You have figured out that since the network is a test roll out, you have some flexibility in its configuration. After your walk through test, you begin by configuring the wireless nodes in the network to run in Ad Hoc mode, creating an Extended Basic Service Set (EBSS).
  You will use a complex SSID of 5cN@4M3! on all wireless nodes. You will next configure every node to no longer broadcast any beacon packets. You will configure all the nodes to not use the default channel, and instead move them all to channel six.
  You will configure every node to use MAC address filtering, to avoid unauthorized nodes from attempting to gain access to the network. Finally, you will configure each node to use WEP in the strong 128-bit mode, along with a complex 16-character passphrase for generating four keys. You will manually input the WEP Keys into each node. You will divide the test nodes into quarters, and configure each quarter to startup on the network using a different default WEP key.
  Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.
• E.You determine that for the test network, you will run in infrastructure mode, using a SSID of FLOOR2. During the test, you will create one single Independent Basic Service Set (IBSS), running through one access point. All test nodes will be configured to participate in the IBSS, using the SSID of FLOOR2.
  You will configure the access point to use WPA, with an algorithm of TKIP. You will configure WPA to utilize the full 128-bit key option, with the pre-shared WPA key option. The client computers will need supplicants, so you will configure the Funk Software Odyssey Client on the clients, matching the key settings and TKIP settings.
  You will disable the access point from broadcasting its SSID, and you will configure MAC address filtering.
  Once the network is up and running, you take your gear (which is not an authorized client of the network) and every few days will walk the office again, checking for access.

By now, you are feeling confident that the security of the MegaCorp network is getting under control. You are aware that there are still several critical areas that you must deal with, and today you are addressing one of those areas. You have been able to take care of the router, firewall, security policy, and intrusion detection, now you are concerned with some of the hosts in the network.
Since the organization is not very large, you are the only person working in the IT end of the company. It will be up to you to directly work on the systems throughout the network. You make a quick chart of the systems you know should be in the MegaCorp network: Server0001, 10.10.20.101, Windows 2000 Server
Server0010, 10.10.20.102, Windows 2000 Server
Server0011, 10.10.20.103, Windows 2000 Server
Server0100, 10.10.20.104, Linux (Red Hat 8.0)
User systems, 10.10.100.100~10.10.100.200, Windows 2000 Professional
The addressing that you recommended months ago is in place, and it follows a distinct logical pattern, you are hoping that no new systems are hidden in the network somewhere.
In the company, you have been granted domain administrator rights, and no other user is authorized to have administrator, root, supervisor, or otherwise privileged level of access. All the Windows systems are to belong to one windows domain called SCNA.edu. Users are no longer allowed to install unauthorized applications, and are all to use the file servers for storage. Although they have the ability to do so, users are not supposed to store any work data on their local systems.
The servers are located in a server cabinet that is inside your office, so you decide to start working there. Using your knowledge of MegaCorp select the best solution for hardening the MegaCorp operating systems:}

• A.You being by running a Nessus scan from your office laptop on the systems in the network, first the servers, then the user workstations. After the scans are complete, you store the reports on your laptop, and you take your laptop to the server room.
  In the server room, you begin on the Windows servers. You implement a custom security template on each server using the Security Configuration and Analysis Snap-In, remove any unauthorized accounts, ensure that each system is updated with the latest patches, and ensure that the permissions on each shared object are as per policy.
  You then work on the Linux server, by addressing each point identified in the Nessus scan. You then lock the system with Bastille, ensure that each system is updated with the latest patches, and run a quick Tripwire scan to create a baseline for the system.
  You take your laptop with you as you go throughout the network to each user workstation, ensure that each system is updated with the latest patches, and you take care of each issue you found on the machines. There are a few systems that you find with unauthorized applications and you remove those applications.
• B.You begin by running a Nessus scan on each computer in the network, using the \hotfix switch to create a full report. The report identifies every vulnerability on each system and lists the specific changes you must make to each system to fix any found vulnerabilities.
  You take the report to the server room and start with the Linux server. On the server, you run through the steps as outlined in the Nessus report, and end by locking the system using Bastille.
  Then, you move to the Windows systems, again following the steps of the Nessus report, and ending by using the Security Configuration and Analysis Snap-In to implement the Gold Standard template on every server.
  Finally, you proceed to each user workstation. At each user machine, you follow each step for each system, based on your report. Once you have addressed all the vulnerabilities in the systems, you run a quick Secedit scan on each system to ensure that they are all locked down and that proper encryption is configured.
• C.You start the job by running some analysis on the Windows servers. You do this using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches. You find several user accounts that have been given local administrator access, and you remove these accounts. You next use the Secedit tool to implement local encryption on the shared hard drive to secure the local files for the network users.
  You then work on the Linux server. To your surprise there are no unauthorized root accounts, nor any unauthorized shares. You ensure that the permissions are correct on the shared objects, and run Bastille to lock down the server.
  You then work on the client machines. Before you physically sit at each machine, you run a Nessus scan from your office. Bringing the results with you, you go to each machine and address any issues as identified in the Nessus scan, remove any unauthorized applications
• D.The first thing you do is to run a Nessus scan against all the servers in the room, noting the findings of the scans. You then begin on the servers by running some tests on the Linux server. First, you run Tripwire on the entire system to ensure that there are no rogue Root accounts, and the test is positive. Second, you ensure that there are no unauthorized objects available through the network, and third you lock the system down with Bastille.
  You then work on the Windows servers. You run a check to ensure there are no unauthorized administrator accounts, and there are not. You create a custom security template and implement the template on each server using the Security Configuration and Analysis Snap-In, and you ensure that each system is updated with the latest patches.
  Finally, you analyze the user's desktops. You go one by one through the network checking for added user accounts, and you find some. You remove these unauthorized accounts and check for software and applications. Again, you find some applications that are not allowed and you remove them. You check the systems for hardware changes, and address the issues that you find.
• E.The first thing you decide to do is plug your laptop into the server room, and run a full Nessus scan on the entire network, specifically looking for every backdoor vulnerability that the application can check. This takes some time to compile, but you eventually end up with a list of issues to address on each machine.
  You move on to the Linux server, and run a fast Tripwire check on the system to look for any additional vulnerabilities. Once that check is done, you install SSH so that all access by every user will be encrypted to the server, and you run Bastille to lock down the system.
  At the Windows systems, you address any issues found during the Nessus scan, you ensure that each system is updated with the latest patches, and you ensure that the systems are all functioning as fully secure and functional file servers to the network by implementing the HISECWEB.INF template in the Security Configuration and Analysis Snap-In.
  Finally, you work on each desktop machine by removing any vulnerabilities listed in the scan report. You remove a few pieces of unauthorized hardware and many unauthorized applications.

You finish the work you were doing in the morning, and head out to the monthly meeting. During this meeting, the Vice President of Strategic Partner Relations informs the group of some news, "we have decided that we need to implement a new web site that is for our strategic partners only. This site will be used for various purposes, but will primarily be used as a means of information exchange."
"So, is this going to be a private site?" asks Blue.
"Absolutely. We will not want any public users on this website. It's just for the people we identify in our Strategic Partner Program. I need those of you in security to be sure that this site is secure."
"We can take care of that. How many people do you think will be accessing the site?" asks Blue.
"Not too many, perhaps around fifty."
"So, is it correct to assume that you know each of these fifty people?"
"Yes, that is correct."
"OK, well this should not be too hard. Wel get working on this right away."
The meeting ends, and you and Blue chat more about the web site issue.
"Well, we know that only around fifty people are going to access the, and we know who these fifty are. This should not cause too many problems," Blue says.
"I agree. Do you think it will be all right to spend any money outside of the site itself?" you ask.
"Since we are dealing with so few people, that shouldn be a problem. However, we cannot go overboard. Go ahead and write up a plan for this and get it back to me in a day or two."
Based on your knowledge of GlobalCorp, choose the best solution to the web site security issue.}

• A.You decide to use digital certificates on smart cards to secure the web site. You will first install a new IIS web server to host the site. You then connect to the CA_SERVER and request a new certificate for the server. The server certificate will be used for authentication, and you have the certificate issued and stored on a portable USB drive.
  You then configure a machine to function as the enrollment machine for smart cards. You are going to manage the smart cards yourself. At the machine that you are going to use for the smart cards, you first configure the system with an enrollment agent certificate from the CA_SERVER, and then you install the driver for the smart card reader.
  Once the driver is installed, you make certificate requests for each of the fifty users. You start with the first user, by logging in to the CA and selecting the option to Request A Certificate For A Smart Card On Behalf Of Another User Using The Smart Card Enrollment Station radio button. You then select the Smartcard User template, and enter the user name. When prompted, you put a blank smart card in the reader and press the Enroll button, followed by entering the default PIN.
  You then test access to the site from a remote machine using the smart card and PIN to be authenticated to the site. Once the test is complete, you write a short howto file and send it along with the smart card, smart card reader, and driver to each of the fifty users. You follow up with each user upon receipt to walk them through the configuration.
• B.You decide to use strong authentication via biometrics, specifically fingerprint scanning to secure the web site. You will first install a new IIS web server to host the site. You then configure fifty user accounts for the remote users, and assign those accounts very strong passwords.
  You then ship one biometric mouse and software to each remote client. You call each user and walk them through the process of configuration of their equipment. First, you tell them to create a matching user account with the same user name and very strong password as you used on the IIS server. You then have them install the software, which you instruct them to configure so that the biometric will be linked to the user account.
  Once the software is installed, you instruct them to connect the mouse to their system and load the appropriate driver. With the driver installed, you tell them how to load the program and enroll their fingerprint. Once they have their fingerprint enrolled, and it is matched to their user account, you let them know that their side of the configuration is complete, and that you will call them shortly to finish the process.
  You return to the configuration of the IIS server. In the Security properties of the website, you select the Advanced authentication tab. On the Advanced tab, you check the box for mapping user accounts to external biometric devices, and you check the box to allow the remote machine to control the mapping. You finish the configuration by configuring the site to use 128-bit RSA to encrypt the data between the client and the server.
  With the server configuration done, you call the client back and have them log in using their biometric mouse. Once logged in, you instruct them to connect to the website and verify the secure site is running.
• C.You decide that you will use freely available PGP certificates to secure access to the website. You will first install a new IIS web server to hose the site. You then configure one user account, with a strong password. You map this account as the only account that has access to the website.
  You then log on locally, as this user account, to the server and create a public\private key pair. From that account you then send an outgoing email to all fifty users with the account private key. You finish the configuration of the website by making changes in the Security properties of the website.
  In the Security properties, you select the Advanced tab. On the Advanced tab, you check the box to map this account to a local digital certificate, and you select the new certificate you just created.
  Next, you contact each remote user and instruct them to open the email from you. You have them store the key they receive in their personal certificate store. To verify the install is correct, you walk them through the process of viewing their certificates in the MMC. Once verified, you have the user connect to the website, and enter the location of their certificate when asked for authentication credentials.
• D.You decide to use existing security technology of digital certificates and SSL to secure the site. You first install a new IIS server that will be the host of the web site. You then connect to the GlobalCorp CA for the executive building and request a new certificate for the web site.
  You then configure the web site to Require a Secure Channel (SSL) and install the certificate. One you install the new certificate, you connect from the new server to the CA in each office where one or more of the fifty people that require access works. At that CA, you install the CA certificate, so that the new server will trust the certificates that each CA issues.
  Next, you return to the configuration of the new web site. To make the site more secure, you require client certificates, and enable mappings for each user account. You call each user and ensure that they have a certificate from their own CA, which the new server now trusts. You walk them through the process of connecting to the site, and verify that secure access to them has been granted.
• E.You decide that you will use digital certificates to secure the web site. You will first install a new private CA that the remote users can connect to and request their certificates. This CA will be protected with a very strong password. Each user will be given a user account to access the CA, also protected with a strong password.
  Next, you install the new private web server. You then connect to the new CA and make a request for a certificate for the web site. Once you receive the certificate, you configure the web site to use the certificate to Require a Secure Channel (SSL). You then select the option to require client certificates, and you enable mapping for each user account.
  Finally, you will call each person and instruct them on the process of connecting to the CA and requesting their certificate, which you will instruct them to store on their local machine. Once they have their certificate, you have them test access to the site, and when successful you move on to the next person.

For the past month, the employees in the executive building have been getting adjusted to their new authentication systems. There was a large spike in help desk calls the first week, which has gone down daily, and now there are fewer login related calls than there was when the office used passwords alone.
During your weekly meeting with Blue, the authentication subject is discussed, "So far, the system is working well. Our call volume has dropped, and it seems that most people are getting used to the tokens. There is one issue, however."
"Really, what's that?" you ask.
"It seems that the senior executives are not that keen on carrying the new tokens around with them. They are asking for a way to authenticate without carrying anything, but still have it be secure."
"All right, do we have a budget?"
"Yes, however there are not that many senior executives, so the cost isn the primary issue; although we do want to keep the costs down as much as possible."
"So, what limitations do I have?"
"Well you need to be sure it easy to use, is unintrusive, won't require too much training, won't be all that expensive, and provides for strong authentication." Blue tells you.
Based on this information, choose the best solution to the authentication problem for the senior executives on the fourth floor.}

• A.You talk to three of the senior executives on the fourth floor and determine that they disliked the tokens therefore you will install a new authentication system. The people you talked to didn say they would have problems with smart cards, so you decide tonew authentication system. The people you talked to didn? say they would have problems with smart cards, so you decide to implement a smart card solution.
  You configure each machine with a smart card reader and driver. You then create a local account for each user, and make that account use smart cards. You then assign a smart card to the account and load the user credentials on the card. You then walk the executive through the process of using the smart card, and have each person test his or her system.
  With the software installed, the reader installed, and with the smart card authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.
• B.You talk to some of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have an interest in retinal authentication. They like the fact that they may be able to simply look at the computer and be authenticated.
  Since they like this technology, you decide this is what you will implement. You configure each machine with the Panasonic Authenticam and authentication software. You then walk the executive through the process of enrollment, and have each person test his or her system.
  With the software installed, the retinal scanner installed, and with the retinal authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.
• C.You talk to several of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have an interest in voice authentication. They like the fact that they may be able to simply speak to the computer and be authenticated.
  Since they like this technology, you decide this is what you will implement. You configure each machine with the Anovea software for voice authentication, and configure a microphone at each workstation. You then walk the executive through the process of enrollment, and have each person test his or her system.
  With the software installed, the microphone installed, and with the voice authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.
• D.You talk to several of the senior executives on the fourth floor and determine that many of these people are interested in a biometric solution, and that many of them have an interest in fingerprint authentication. They like the fact that they may be able to simply touch something by the computer and be authenticated.
  You begin the configuration by installing a BioLink USB mouse, driver, and authentication software. You walk each person through the process of enrollment, and how to best use the scanner, and have each person test his or her system.
  With the software installed, the mouse and driver installed, and with the fingerprint authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person's system.
• E.You talk to two of the senior executives on the fourth floor and determine that these people are interested in a biometric solution, and that they have an interest in retinal authentication. They like the fact that they may be able to simply look at the computer and be authenticated.
  Since they like this technology, you decide this is what you will implement. You configure each machine with the Panasonic Authenticam and authentication software. You then walk the executive through the process of enrollment, and have each person test his or her system.
  With the software installed, the retinal scanner installed, and with the retinal authentication testing and functional, you uninstall the token software and retrieve their tokens. You verify that everything works, and you move on to the next person system.

You got the router configured just as you wish, and it is time to get the team together for a meeting. You have the advantage of knowing several of these people for quite some time through your contracting, but this will be your first full meeting with them.
The next day, you sit down with the CEO, HR Director, and other management people in MegaCorp. You wish for the meeting to be as short as possible, so in this initial meeting, you open with a short summary and project what you feel is a serious problem with the company.
"Thanks for coming. I will try to keep this as brief as possible. As you all know, Red was let go under difficult circumstances, and for the last week I have been working non-stop to get the network and security under control here. Very good progress has been made, but we are missing a fundamental component. There is no security policy here at MegaCorp." To this, you see some heads nod in agreement, others have no reaction whatsoever, and a few people let go disappointing sighs.
"I agree that we need a security policy," adds the HR Director, "as long as it doesn't become too restrictive."
"Policies are only used to document the posture of the organization, and to provide some guidance in the direction of the network and, in this case, the security of the network." You add, "Without a written policy, how is any employee supposed to know what is acceptable, what is not acceptable, and so on."
"Our employees have common sense, we do not want the company to become overly regulated," says a middle manager who you have not spoken with before.
"Common sense is great, the more the employees have, and the easier it is to implement the policies. But, there is no guarantee for the human element. A simple review of what just took place with Red is a quick reminder of this." With that comment, the middle manager relaxed a bit, and hesitantly agreed.
"So, what I would like to do is to lead the development of the policy here, and work with each of you to get it implemented. In the next few days, I will be requesting a bit of your time, so we can talk one on one about your needs and issues surrounding the policy."
The next week, you meet with the management team, and you have a list of questions for them, designed to help you in drafting the security policy. You have decided to break up the creation of the policy into pieces, spending shorter blocks of time on the policy. This allows the management to be able to keep most of their days open for running the company.
During the meeting, you focus solely on the Acceptable Use statement for the users of the network. You ask the following questions to the group, and the consensus answer (after taking your suggestions into account) is listed after each question.
1.Are users allowed to share user accounts? No.
2.Are users allowed to install software without approval? No. Approval must come through you, or the current Chief Security Officer (CSO).
3.Are users allowed to copy software for archive or other purpose? No, archives can only be made by the network administration staff.
4.Are users allowed to read and\or copy files that they do not own, but have access to? Yes.
5.Are users allowed to make copies of any operating system files (such as the Windows directory or the SAM file)? No.
6.Are users allowed to modify files they do not own, but for which they have write abilities? Yes, if they have write abilities, they are allowed to modify the file.
Using the provided information from the meeting, you draft the Acceptable Use Statement. The statement reads as follows:
This Acceptable Use Statement document covers MegaCorp, networks, computers, and computing resources. Network, computer, and computing resources are defined as physical personal computers, server systems, routers, switches, and network cabling. Also included in the definition are software (media) elements such as floppy disks, CD-ROMs (including writeable and re-writeable), DVD-ROMs, and tape backup systems. A user is defined as the individual account with authorization to access MegaCorp, resources. All users of the MegaCorp network are expected to conduct themselves in a respectful and legal manner.
The MegaCorp, general computing systems are unclassified systems. As such, top-level secret information is not to be processed or stored on any general unclassified computer system.
Individual users are responsible for the proper storage of their personal data on their workstations. For assistance on proper storage, users are instructed to contact the Security staff of MegaCorp.
In the event that a user has identified a security breech, weakness, or system misuse in a MegaCorp, system, they are required to contact the on-duty Security staff immediately. Users are to use a completed MegaCorp-TPS Report for their notice to the Security staff. Initial contact with the Security staff about the incident might be conducted via email or telephone.
Individual users are not granted access to systems and resources they have not been given explicit authority to access. In the event access to a resource is required, and access has not been granted, the user is to make a request to the on-duty Security staff.
Individual users shall not make unauthorized copies of copyrighted software, except as permitted by law or by the owner of the copyright.
Individual users are not permitted to make copies of system configuration files for their own, unauthorized personal use or to provide to other people or users for unauthorized uses.
Individual users are not permitted to share, loan, or otherwise allow access to a MegaCorp resource via the user assigned account.
Individual users are not permitted to engage in any online or offline activity with the intent or harass other users; degrade the performance of any MegaCorp, system or resource; impede the ability of an authorized user to access an authorized resource; or attempt to gain access to an unauthorized resource.
Electronic mail resources are for authorized use only. Messages that might be deemed fraudulent, harassing, or obscene shall not be sent from, to, or stored on MegaCorp, systems.
Individual users are not permitted to download, install, or run any unauthorized programs or utilities, including those which reveal weaknesses in the security of a system. This includes, but is not limited to network sniffing tools and password cracking utilities.
Users who are found to be in violation of this policy will be reported to the on-duty Security staff and the MegaCorp CEO. The CEO will determine if the violation will result in the loss of MegaCorp, network privileges. In he event the violation warrants, the CEO may press civil or criminal charges against the user.
I have read and understand the MegaCorp, Acceptable Use Statement, and agree to abide by it.
With this information, and your knowledge of MegaCorp, choose the answer that will provide the best solution for implementing the Acceptable Use statement policy needs of MegaCorp:}

• A.After the review of the policy it is decided that some of the bullet points in the document need to be changed. You make the requested changes, and the team reviews the document once more.
  "It all looks good to me now," says a manager in the meeting.
  "OK, how should we present this to the employees?" you ask.
  "I could take a copy to each employee and discuss it with them," offers the HR director.
  "No, that would be too time-consuming. That not a good use of your time," responds the CEO.
  "We need to get this done, obviously. What is our most cost-effective way of doing this?"
  "Well, I could post the policy on our intranet site, and we could have the employees go and
  download it themselves. During lunch, perhaps?" you suggest.
  "That sounds good, let take that approach," the CEO answers."
  Later that day, you create a quick intranet site, called MegaCorp policy and documents. You draft
  a quick email, which will be sent to all the employees in the company:
  "Dear _____,
  At MegaCorp we have just finished work on a security policy that will clearly define the use of the
  computers and other issues. This document will answer the questions that many of you have had
  recently on what you are allowed to do with the computer and when online.
  At your earliest convenience, please connect to the new site I have linked here, to download and
  read the new policy. Thanks and have a great day.
  -MegaCorp Security Staff."
  You verify the site is working, send the email out to all the employees, and go home for the day.
• B.You present the current draft to the team at the next meeting. There is some discussion now on the language of the different clauses, and it seems that no one can agree on the points. What you thought was close to being done, now seems to be at risk of never getting done.
  As the meeting escalates, and opinions start to get louder, the CEO interrupts the group, "Enough.
  We are a small group, we have enough in common, we know what we need out of this. We will
  bring in three contractors who specialize in policy writing.
  Wel give them our thoughts, they will work with our tireless Security Guru, and get this thing
  done."
  You are not all that thrilled about three consultants coming down on your territory, but realize the
  frustration of the CEO. You agree, "That fine by me. Il meet with them, and we will draft the
  document."
  There is other business on the agenda for the meeting, but it is not related to you, so you excuse
  yourself and go back to your office.
  After working with the three consultants for a month, you have the document, approved by
  MegaCorp. You organize a company wide meeting, where the consultants describe the policy and
  what it is for to all the employees. The employees are told where they can find the policy to review for themselves, and after a question and answer session everyone gets back to their work.
• C.You present the draft statement to the team at the next meeting. There is some discussion as to the wording in the clause regarding the internal TPS Report. Some in the group feel the TPS Report will be to tedious to use, others think with a distributed memo about the Report, everything will be fine. After further discussion all agree on the wording of the policy.
  The team finishes the discussion, and the meeting ends with approval of the document. Once the document is approved, you move the discussion towards getting everyone in the company aware of and agreeing to it. "I suggest that we tie it into our paychecks, and have the document go through HR." "We could do that, I guess. I can present the document to all the employees over the rest of the month." the HR Director responds. Following that, the CEO brings up that there is going to be a company dinner next month, and that at the dinner the CEO will declare the policy in place, and that "As all of us become comfortable with this, we all should appreciate this step forward for our company."
  The next day, you post the policy on the company intranet site, so everyone has an electronic copy to go with their copy from the HR meeting. Once that is done, you move on to your next project.
• D.Once the meeting ends, you make the changes that were discussed during the meeting. They are not too extensive, but you make them and present the document to the team again on Friday. Now that you have made the changes, the policy is accepted, and the discussion moves towards getting every employee to sign and agree to the policy.
  "Well, it's Friday afternoon. Everyone needs their paychecks today." Comments the HR director. "Good point, let just print out 100 of these, and tell everyone to sign them in order to get their
  check." Agrees one of the" managers.
  After some discussion, it is agreed that this will be the fastest way to get all the employees to sign
  the policy document. The meeting wraps up around 2:00, and the printing and stapling of the
  policy documents ends around 4:00.
  Over the next hour, the HD director, with the help of the manager, hand our checks, making all the
  employees sign the document in order to get their check. You think to yourself that the efficiency
  of a small operation like this is nice to see in action. You go to get your check, sign your
  document, and are actually able to end your day at 5:00pm on a Friday.
• E.You present the draft statement to the team at the next meeting. There is some discussion as to the wording in the clause regarding the internal TPS Report. Some in the group feel the TPS Report will be to tedious to use, others think with a distributed memo about the Report, everything will be fine. After further discussion all agree on the wording of the policy.
  The employees meet with the HR director over the next week, and are all presented with a copy of
  the policy and discuss how to it is to be implemented. There is some resistance, some of the
  employees are not happy about having a new procedure to follow.
  While walking back to your office, you see the CEO, and motion that you have a quick question,
  "How does the new policy seem to be going with HR?" you ask.
  "So far so good, there are a few folks not that happy, but I think wel be fine."
  "Ie got to get over there tomorrow to sign mine, when are you meeting with HR?"
  "Me Ie got too much going on right now. I have to oversee everything; whatever happens and
  goes on here has to go through me anyway. I don't have time to bother with that myself, I just
  wanted to be sure we had something legally binding to protect us and to assist the employees."
  "Fair enough. Listen, I need to talk with you soon about our firewall situation," you reply.
  "OK, stop by anytime. You know my door is always open."
  You walk away, and are pretty happy with how things are going here. You know you have more
  work to do, but so far your suggestions are being taken well and appreciated.