1.3-1.4

Question 1

change approval process

Answer 1

need clear policies on making changes.

Question 2

typical change process

Answer 2

1. complete request
2. determine purpose of change
3. identify scope of the change
4. schedule date and time
5. determine impact of change
6. analyze risk associated with the change
   7.get approval from change control board
7. get end user acceptance after change is complete

Question 3

ownership in change management

Answer 3

the owner is the person who manages the process. receives process updates. does not perform change

Question 4

stakeholders

Answer 4

whoever is affected by the change.
will want input on change mgmt process

Question 5

impact analysis of change

Answer 5

determine risk value(high, medium,low)
risk of not making change (vulnerability, downtime)

Question 6

how to test results

Answer 6

sand box testing environment. test change before deploying.

Question 7

backout plan

Answer 7

always have a way to revert your changes

Question 8

(SOP)

Answer 8

standard operating procedure outlines the way that things need to happen(ex: change mgmt process). A living document, constantly being updated or changing.

Question 9

technical change mgmt

Answer 9

putting the change mgmt process into action

Question 10

allow/deny list

Answer 10

allow is strict can ONLY run apps on list
deny is not can run any app EXCEPT the ones on deny list

Question 11

restricted activities during change management process

Answer 11

since you got approved for a change u can make ONLY that change and nothing else. If additional things need to be changed during that change you refer to the change mgmt process for those steps.

Question 12

legacy apps

Answer 12

apps that no longer have patch support, create specific processes and procedures for them

Question 13

dependencies

Answer 13

to complete A you must complete B

Question 14

documentation

Answer 14

have to constantly update diagrams and policies/procedures

Question 15

version control

Answer 15

track changes to a file or configuration data over time

Question 16

public key vs private key

Answer 16

anyone can have public key and send data to you with that. only you can decrypt it with your private key. also known as asymmetric encryption

Question 17

symmetric encryption

Answer 17

a single shared key, not scalable because if stolen they can encrypt and decrypt all ur data.

Question 18

key escrow

Answer 18

someone else holds our private keys

Question 19

encryption full disk/parition

Answer 19

full disk is entire storage. Partition is a specific set of data on that storage.

Question 20

EFS

Answer 20

Encrypting File System, method used to encrypt files

Question 21

volume

Answer 21

a mounted partition.example: Windows does this automatically by assigning a drive letter to the partition, like “C drive, D drive, etc”

Question 22

database encryption

Answer 22

protecting stored data

transparent- encrypt all database info with a symmetric key

Question 23

record level encryption

Answer 23

encrypt individual columns
use separate symmetric keys for each column

Question 24

transport encryption

Answer 24

protect data traversing network using vpn.

Question 25

encryption algorithms

Answer 25

many ways to encrypt data. we know the algorithms but dont know the keys. both sides decide on the algorithm before encrypting.

Question 26

key lengths

Answer 26

longer are more secure.
symmetric 128 bit or larger
asymmetric 3072 bit or larger

Question 27

key stretching

Answer 27

make a weak key strong by hashing the passwords, then hashing that hash and so on..

Question 28

key exchange

Answer 28

out of band- dont send key over the net.
in band- on the network, put additional encryption, deliver it with an asymmetric encryption

Question 29

session key

Answer 29

encryption and decryption key that is randomly generated to ensure the security of a communications session.
needs to be constantly updated so it doesnt get compromised