701 - Chapter 11 Flashcards

1
Q

What process ensures that every proposed change is properly reviewed and cleared by management before it takes place?

A

Approval process

2
Q

What clearly defines who is responsible for each change by designating a primary owner who will be the key decision maker and sponsor of the change?

A

Ownership

3
Q

What identifies all the individuals and groups within the organization and outside the organization that might be affected by the change?

A

Stakeholder analysis

4
Q

What is the review of potential effects of the change, including unintended side effects?

A

Impact analysis

5
Q

What confirms that the change will work as expected?

A

Testing

6
Q

What provides a detailed sequence of steps that the team should follow if the change goes wrong?

A

A back-out plan

7
Q

What is the scheduled time, coordinated with stakeholders, during which they are aware that the system may be down for maintenance?

A

Maintenance window

8
Q

The change management process should not be closed out until what occurs?

A

All documentation and diagrams are updated to reflect the impact of the change

9
Q

What is the formal process used to track the current versions of software code and system application configurations?

A

Version control

10
Q

What is the data type that is governed by external laws and regulations with which organizations must comply? And what is an example?

A

Regulated data… PCI DSS

11
Q

What data type is about monetary transactions related to an organization or individual?

A

Financial information

12
Q

What data type is information that is crucial to the way that an organization runs its business? And what is an example of this?

A

Intellectual property… trade secrets

13
Q

What data type is among the most sensitive information maintained by an organization?

A

Legal information

14
Q

What provides a formal category for identifying the sensitivity and criticality of data?

A

Data classification

15
Q

What are the three levels the US government uses for data classification and what are the four levels that private companies may use?

A

Top-secret, secret, confidential… public, private, confidential, restricted

16
Q

What identifies how long data is kept and sometimes specifies where it is stored?

A

Data retention policy

17
Q

What methods ensure that data is removed or destroyed from any devices before disposing of the devices?

A

Data sanitization

18
Q

What is the process of removing all remnants of a file on a disk by overwriting the location where the file was stored with ones and zeros?

A

File shredding

19
Q

What refers to the process of completely removing all remnants of data on a disk by overwriting with ones and zeros?

A

Wiping

20
Q

True or false: solid-state drives can use traditional wiping tools?

A

False; they require a special process for sanitization because they use flash memory instead of magnetic storage platters.

21
Q

What is the data sanitization process that uses a very powerful electromagnet? And can it be used on a hard drive?

A

Degaussing… no, it will render the drive unusable

22
Q

At the conclusion of a data destruction process, what certificate certifies that the process was completed?

A

Certificate of destruction

23
Q

What provides a formal coordinated plan that personnel can use when responding to an incident?

A

Incident response plan

24
Q

Which section of the IRP identifies the difference between an event and an actual incident?

A

Definition of incident type

25
Q

Which section of the IRP defines the required employees who have expertise in different areas?

A

Incident response team

26
Q

Which section of the IRP identifies specific duties for the incident response team?

A

Roles and responsibilities

27
Q

What is the part of the IRP that provides direction on how to communicate issues related to an incident?

A

Communication plan

28
Q

What defines a security incident and the incident response procedures?

A

Incident response policy

29
Q

What are two good times for the IRP to be reviewed?

A

Periodically and in response to lessons learned after incidents

30
Q

What are the seven phases of an incident response process?

A

Preparation, detection, analysis, containment, eradication, recovery, lessons learned

31
Q

What is the process to identify what initially went wrong that allowed an incident to occur?

A

Root cause analysis

32
Q

What is the scenario-based training where participants discuss and analyze a hypothetical incident in a non-threatening environment? And what is a more formal form of hands-on training for an incident?

A

Tabletop exercise… simulation

33
Q

What is the active process in which a skilled computer security expert searches for cyber threats that might have slipped past regular security systems?

A

Threat hunting

34
Q

What are the processes and techniques used when collecting information after an incident occurs? And what is the assumption behind this process?

A

Digital forensics… the data collected will be used as evidence in court

35
Q

What refers to the order in which you should collect evidence? And what should be that order?

A

Order of volatility… evidence should be collected starting with the most volatile and moving to the least volatile

36
Q

What is the order from most volatile to least volatile?

A

Cache memory, RAM, swap or page file, disk, attached devices, network

37
Q

What are pieces of data on a device that regular users are unaware of? What are some examples?

A

Forensic artifacts… web history, Recycle Bin, Windows Error Reporting, RDP cache

38
Q

What refers to the process of collecting data from the OS? And from firmware?

A

OS forensics… firmware forensics

39
Q

True or false: after a forensic image of the system data is captured, the review will use this version?

A

False; a copy will be created for analysis, and the original will always be preserved

40
Q

What refers to a legal obligation to maintain different types of data as evidence? And what is the identification and collection of electronically stored information called?

A

A legal hold… eDiscovery

41
Q

Name four types of useful metadata.

A

File, email, web, mobile

42
Q

What is the process that provides assurances that evidence has been controlled and appropriately handled after collection?

A

Chain of custody

43
Q

What is SOAR? What is it used for? And what does it use?

A

Security orchestration, automation, and response… tools that respond to low-level security events automatically… playbooks and runbooks

44
Q

What is a SOAR playbook? And what is a runbook?

A

Provides a checklist of things to check for in a suspected incident… implements the playbook checklist using the organization's available tools

45
Q

What is the set of responsibilities and processes established by an organization's top-level management to direct, evaluate, and control the organization's security efforts?

A

Security governance

46
Q

What are written documents that lay out a security plan within a company?

A

Security policies

47
Q

Within a security policy, what describes the purpose of computer systems and networks, how users can access them and the responsibility of users when they access the system?

A

Acceptable use policies

48
Q

Within a security policy, what protects an organization's data and information systems by defining the rules for how to manage, protect, and distribute information?

A

Information security policies

49
Q

Within a security policy, what outlines the steps an organization should take to continue operations in the event of a major disruption or disaster?

A

Business continuity and disaster recovery policies

50
Q

Within a security policy, what provides rules for how the organization will respond to a security incident, such as a data breach or cyberattack?

A

Incident response policies

51
Q

Within a security policy, what provides structure for how software should be developed within an organization?

A

Software development lifecycle (SDLC) policy

52
Q

Within a security policy, what outlines how changes to IT systems, applications, and networks should be managed within an organization?

A

Change management policy

53
Q

What is the difference between a security policy, and a security standard?

A

Policies are typically high-level documents, while security standards outline technical and business requirements for security

54
Q

What are some common security standards?

A

Passwords, access control, physical security, encryption

55
Q

After security standards, what is the next level of detail? And what are some examples?

A

Security procedures… change management procedures, onboarding procedures, offboarding procedures

56
Q

What is different about security guidelines versus security policies, standards, and procedures?

A

Guidelines are optional sets of best practices, whereas the others are all mandatory for employees to follow

57
Q

What refers to the processes an organization uses to manage, process, and protect data? And what does it offer?

A

Data governance… methods to help ensure or improve the quality of data, and methods driven by regulations and laws

58
Q

Within data governance, what is the data that is critical to the success of the mission within an organization? And what is identified?

A

Critical data… critical data elements

59
Q

Within data governance, what role has primary responsibility for a specific type of data within the organization? Who typically fills this role?

A

Data owner… a senior executive

60
Q

Within data governance, which role is responsible for carrying out the intent of the data owner's requirements?

A

Data steward

61
Q

Within data governance, which role is responsible for daily routine tasks, such as backing up the data, storage of the data, and implementation of business rules? Who would be an example of this?

A

Data custodian… a DBA

62
Q

Within data governance, which role is associated with the collection of employee data to carry out company-specific operations, such as payroll?

A

Data controller

63
Q

Within data governance, which role is a third-party organization that uses and manipulates the data on behalf of the data controller? For example, a payroll company would accept personnel data from the data controller and use it to process payroll functions.

A

Data processor

64
Q

Within data governance, which action involves continuously checking the effectiveness of the organization's security measures? What are some examples of this?

A

Monitoring… routine security audits, reviews of access logs, ongoing vulnerability scanning

65
Q

Within data governance, what activity involves adjusting policies, standards, and procedures as needed based on the results of monitoring?

A

Revision

66
Q

True or false: an organization should regularly conduct a supply chain analysis to assess any risks associated with its relationships with all vendors making up its supply chain.

A

True

67
Q

When working with vendors in your supply chain, what two policies is it very important to be aware of?

A

End of life and end of service life

68
Q

Which clause in a cloud provider contract permits the customer to hire an auditor to review the cloud provider's records and systems?

A

Right to audit clause

69
Q

When selecting a new vendor, what are two steps that should be accomplished?

A

Performing due diligence and assessing any potential conflicts of interest

70
Q

What is an agreement between a company and a vendor that stipulates performance expectations such as minimum uptime and maximum downtime levels?

A

Service level agreement

71
Q

What expresses an understanding between two or more parties indicating their intention to work together towards a common goal? And what is another name for this?

A

Memorandum of understanding (MOU)… memorandum of agreement (MOA)

72
Q

What is a written agreement that details the relationship between business partners, including their obligations towards the partnership?

A

Business partners agreement (BPA)

73
Q

What agreement is used between two entities to ensure that proprietary data is not disclosed to unauthorized entities?

A

A non-disclosure agreement (NDA)

74
Q

What provides structure to the agreements for vendors that you will work with repeatedly and contains the general terms of the relationship?

A

Master services agreement (MSA)

75
Q

After an MSA is established, what can be written when there is new work or a new project?

A

Work order or a statement of work

76
Q

What mandates that organizations protect health information?

A

HIPAA

77
Q

What requires financial institutions to provide consumers with a privacy notice explaining what information they collect and how it is to be used?

A

Gramm-Leach-Bliley Act (GLBA)

78
Q

What European Union directive mandates protection of privacy data for individuals who live in the EU?

A

General Data Protection Regulation (GDPR)

79
Q

What outlines a set of strict security requirements for handling cardholder data?

A

Payment Card Industry Data Security Standard (PCI DSS)

80
Q

What are the two primary components of an effective compliance monitoring system?

A

Internal and external monitoring

81
Q

What is the continuous effort of ensuring the organization adheres to compliance requirements and addresses any identified noncompliance in a timely manner?

A

Due care

82
Q

What is the verification by individuals within the organization or third parties that the organization is compliant with the relevant rules and regulations called?

A

Attestation

83
Q

What right empowers individuals to request that their personal data be erased from a company's records under specific circumstances?

A

Right to be forgotten

84
Q

What is a detailed list of where important data is kept, who can get to it, and why it is used?

A

Data inventory

85
Q

Once a good data inventory is set up, the next important thing is to have rules about how long to keep the data. What is this called?

A

Data retention