# Security Policies Which of the following is NOT an area user policies need to cover. > If and when to share passwords Passwords must always be shared with any person for any reason. > False Always open email attachments coming from unknown sources. > False What is the best rule of thumb in access control? > Allow the least access job requirements allow Logon accounts, VPN, network and any other resources should NOT be disabled for leaving employees. > False Instant messaging can be used not only for business communication but also for personal communication. > False Which of the following is NOT an example of a user password policy? > Users may share passwords only with their assistants What should an employee do if she believes her password has been revealed to another party? > Change her password immediately Which of the following should be recommended as acceptable e-mail attachments? > Attachments the user expected Which of the following is the best reason users should be prohibited from installing software? > If a user’s account does not have privileges to install, then it is likely that a Trojan horse will not be inadvertently installed under her account --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://wiki.zacheller.dev/network-security/courses/isci-cnss-course/security-policies.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.