1.3-1.4 Flashcards

1
Q

change approval process

A

need clear policies on making changes.

2
Q

typical change process

A
  1. complete request
  2. determine purpose of change
  3. identify scope of the change
  4. schedule date and time
  5. determine impact of change
  6. analyze risk associated with the change
  7. get approval from change control board
  8. get end user acceptance after change is complete

3
Q

ownership in change management

A

the owner is the person who manages the process. receives process updates. does not perform change

4
Q

stakeholders

A

whoever is affected by the change.
will want input on change mgmt process

5
Q

impact analysis of change

A

determine risk value (high, medium, low)
risk of not making change (vulnerability, downtime)

6
Q

how to test results

A

sand box testing environment. test change before deploying.

7
Q

backout plan

A

always have a way to revert your changes

8
Q

(SOP)

A

standard operating procedure outlines the way that things need to happen (ex: change mgmt process). A living document, constantly being updated or changing.

9
Q

technical change mgmt

A

putting the change mgmt process into action

10
Q

allow/deny list

A

allow is strict: can ONLY run apps on the list
deny is not: can run any app EXCEPT the ones on the deny list

11
Q

restricted activities during change management process

A

since you got approved for a change you can make ONLY that change and nothing else. If additional things need to be changed during that change, you refer to the change mgmt process for those steps.

12
Q

legacy apps

A

apps that no longer have patch support, create specific processes and procedures for them

13
Q

dependencies

A

to complete A you must complete B

14
Q

documentation

A

have to constantly update diagrams and policies/procedures

15
Q

version control

A

track changes to a file or configuration data over time

16
Q

public key vs private key

A

anyone can have public key and send data to you with that. only you can decrypt it with your private key. also known as asymmetric encryption

17
Q

symmetric encryption

A

a single shared key, not scalable because if stolen they can encrypt and decrypt all your data.

18
Q

key escrow

A

someone else holds our private keys

19
Q

encryption full disk/partition

A

full disk is entire storage. Partition is a specific set of data on that storage.

20
Q

EFS

A

Encrypting File System, method used to encrypt files

21
Q

volume

A

a mounted partition. Example: Windows does this automatically by assigning a drive letter to the partition, like “C drive, D drive, etc.”

22
Q

database encryption

A

protecting stored data

transparent: encrypt all database info with a symmetric key

23
Q

record level encryption

A

encrypt individual columns
use separate symmetric keys for each column

24
Q

transport encryption

A

protect data traversing network using vpn.

25
Q

encryption algorithms

A

many ways to encrypt data. we know the algorithms but don't know the keys. both sides decide on the algorithm before encrypting.

26
Q

key lengths

A

longer are more secure.
symmetric 128 bit or larger
asymmetric 3072 bit or larger

27
Q

key stretching

A

make a weak key strong by hashing the passwords, then hashing that hash and so on.

28
Q

key exchange

A

out of band: don't send key over the net.
in band: on the network, put additional encryption, deliver it with asymmetric encryption

29
Q

session key

A

encryption and decryption key that is randomly generated to ensure the security of a communications session.
needs to be constantly updated so it doesn't get compromised