Podcast
Questions and Answers
What constitutes a violation of the email policy?
What constitutes a violation of the email policy?
Which group of users can send mass emails to over 100 recipients?
Which group of users can send mass emails to over 100 recipients?
What is the storage quota for officers in grade F?
What is the storage quota for officers in grade F?
Who is responsible for backing up archived emails saved to local disks?
Who is responsible for backing up archived emails saved to local disks?
Signup and view all the answers
What type of emails should not be sent as mass mail according to the policy?
What type of emails should not be sent as mass mail according to the policy?
Signup and view all the answers
Which of the following is not considered inappropriate email usage?
Which of the following is not considered inappropriate email usage?
Signup and view all the answers
What is the action that may result from inappropriate email usage?
What is the action that may result from inappropriate email usage?
Signup and view all the answers
What should officers in grade G or lower do before sending mass emails?
What should officers in grade G or lower do before sending mass emails?
Signup and view all the answers
What is required in terms of time synchronization for network devices?
What is required in terms of time synchronization for network devices?
Signup and view all the answers
Which of the following actions is NOT permitted regarding LAN and WAN connectivity?
Which of the following actions is NOT permitted regarding LAN and WAN connectivity?
Signup and view all the answers
What measures should be taken regarding device passwords before deployment?
What measures should be taken regarding device passwords before deployment?
Signup and view all the answers
What is the requirement for remote access to the corporate network?
What is the requirement for remote access to the corporate network?
Signup and view all the answers
What must happen to unused ports and interfaces on devices?
What must happen to unused ports and interfaces on devices?
Signup and view all the answers
What is required regarding network equipment configuration backups?
What is required regarding network equipment configuration backups?
Signup and view all the answers
What should be done with CCTV connections to the corporate LAN?
What should be done with CCTV connections to the corporate LAN?
Signup and view all the answers
Which protocol is specified not to be used for remote access?
Which protocol is specified not to be used for remote access?
Signup and view all the answers
What is a requirement for wireless client systems according to the security policy?
What is a requirement for wireless client systems according to the security policy?
Signup and view all the answers
Which mechanism is used to manage access points in the corporate network?
Which mechanism is used to manage access points in the corporate network?
Signup and view all the answers
What type of authentication is mandated for access to wireless networks?
What type of authentication is mandated for access to wireless networks?
Signup and view all the answers
What is required for all wireless communication between clients and corporate networks?
What is required for all wireless communication between clients and corporate networks?
Signup and view all the answers
Which of the following is NOT allowed according to the wireless security policy?
Which of the following is NOT allowed according to the wireless security policy?
Signup and view all the answers
What must be deployed at corporate locations with permanent wireless networks?
What must be deployed at corporate locations with permanent wireless networks?
Signup and view all the answers
How should access permissions for wireless clients be managed if IPS cannot be deployed?
How should access permissions for wireless clients be managed if IPS cannot be deployed?
Signup and view all the answers
What must be ensured regarding the separation of networks?
What must be ensured regarding the separation of networks?
Signup and view all the answers
What is the primary recommendation regarding updates to IT infrastructure?
What is the primary recommendation regarding updates to IT infrastructure?
Signup and view all the answers
What factors should be assessed before adopting cloud services?
What factors should be assessed before adopting cloud services?
Signup and view all the answers
Which of the following is NOT mentioned as a consideration in adopting cloud services?
Which of the following is NOT mentioned as a consideration in adopting cloud services?
Signup and view all the answers
What is the recommended first step for new IT requirements?
What is the recommended first step for new IT requirements?
Signup and view all the answers
In which scenario is it advised to consider cloud services?
In which scenario is it advised to consider cloud services?
Signup and view all the answers
What is an essential component to evaluate when moving applications to the cloud?
What is an essential component to evaluate when moving applications to the cloud?
Signup and view all the answers
What should be the basis for adopting cloud services according to the given policy?
What should be the basis for adopting cloud services according to the given policy?
Signup and view all the answers
Why is it important to assess data before adopting cloud services?
Why is it important to assess data before adopting cloud services?
Signup and view all the answers
What is required for any cloud service engagement according to the regulations?
What is required for any cloud service engagement according to the regulations?
Signup and view all the answers
What must be implemented for handling sensitive personal data in the cloud?
What must be implemented for handling sensitive personal data in the cloud?
Signup and view all the answers
What must be built into the contract for projects involving Aadhaar data?
What must be built into the contract for projects involving Aadhaar data?
Signup and view all the answers
What is the development architecture for IndianOil mobile applications based on?
What is the development architecture for IndianOil mobile applications based on?
Signup and view all the answers
For external users, what type of connectivity is required between their devices and web servers?
For external users, what type of connectivity is required between their devices and web servers?
Signup and view all the answers
What types of mobile applications has IndianOil adopted?
What types of mobile applications has IndianOil adopted?
Signup and view all the answers
Which of the following is NOT a key aspect of securing mobile devices for IndianOil?
Which of the following is NOT a key aspect of securing mobile devices for IndianOil?
Signup and view all the answers
What is a key requirement for network communication links to cloud service providers?
What is a key requirement for network communication links to cloud service providers?
Signup and view all the answers
Study Notes
Network Security and Policy
- Different network zones must be securely interconnected to maintain integrity and security.
- Utilize web security gateways, content filtering, and firewalls for controlling external network traffic.
- All network and infrastructure devices should implement Network Time Protocol (NTP) aligned with Indian Standard Time (IST).
- New network and infrastructure equipment must comply with IPV6 standards.
LAN and WAN Management
- Approval from COIS is mandatory for leased lines, MPLS VPNs, internet lines, and P2P communication links.
- Divisions can request bandwidth enhancements or reductions, subject to COIS's review.
- COIS governs the IP address scheme for LAN/WAN allocations.
- Rate contracts for WAN MPLS services must be finalized by COIS and utilized by divisions with prior approval for any extra needs.
Device Security Protocols
- Default settings and passwords of devices must be changed before deployment; passwords must align with policy standards.
- Secure protocols (SSH, SSL, IPsec) should be used for remote access, while insecure protocols like telnet must be disabled.
- All unused ports on devices need to be disabled, and devices should automatically close inactive sessions.
- Only approved routing protocols are allowed for WAN configurations.
- Regular (monthly) backups of device configurations are required, especially after changes.
- CCTV networks should be isolated from corporate LAN, connecting through a security appliance as needed.
Network Access Policies
- Remote access must be conducted via a secure VPN with two-factor authentication, granted on approval.
- Development, quality, and testing environments must be separated from the production environment.
Wireless Network Security
- Users must connect only via corporate wireless networks, avoiding external untrusted access points.
- Wireless LAN must be segregated from wired LAN, with regular maintenance and audits conducted.
- Wireless controllers are necessary for managing access points and limiting coverage.
- Tips for authentication: all wireless access must be authenticated with strong password policies and WPA2 encryption or better.
Email Usage Policy
- Strictly prohibits derogatory, offensive, political, or personal emails through corporate accounts.
- Sending mass emails requires authorization based on recipient count, restricted by user grade.
- Users must back up emails regularly; the administrator does not restore lost data due to user error.
Cloud Computing Strategy
- Explore cloud options for updating IT infrastructure, assessing data and application needs before adoption.
- Ensure compliance with cybersecurity and data regulation standards, specifically regarding data localization.
- Engage only MeitY empaneled Cloud Service Providers (CSP) for any services involving sensitive data.
- Must include strong security measures like data encryption and multi-factor authentication for projects with personal data.
Mobile Technology Integration
- Customized mobile applications aim to facilitate access for employees, dealers, consumers, and vendors.
- Development should adhere to open standards for compatibility with third-party solutions.
- Strong mobile device security must be maintained, utilizing SSL connections for external user access to corporate data.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on essential network security measures and policies related to LAN and WAN management. This quiz covers the protocols for secure connections, device security, and guidelines for effective network administration. Enhance your understanding of both infrastructure management and device configuration standards.