Asset and Change Management

Question 1

Acquisition

Answer 1

Process of obtaining goods and services

Question 2

Procurement

Answer 2

Entire process of sourcing and obtaining those goods and services, including all
the processes that lead up to the acquisition

Question 3

Purchase Order

Answer 3

Formal document issued by the purchasing department

Dictates payment terms (NET 15, NET 30, NET 60)

Question 4

Internal Approval Process

Answer 4

Ensures purchase alignment with company goals

Question 5

Post-Approval Procurement

Answer 5

■ Product compatibility assessment
■ Security checks and configurations
■ User training
■ Integration into the existing workflow

Question 6

BYOD

Answer 6

Bring Your Own Device

Question 7

COPE

Answer 7

Corporate-Owned, Personally Enabled

Question 8

CYOD

Answer 8

Employees select devices from a company-approved list

Question 9

Asset Management

Answer 9

Systematic approach to governing and maximizing the value of items an entity is responsible for throughout the asset’s life cycle

Question 10

Assignment and Accounting of Assets

Answer 10

Each asset assigned to a person or group, known as owners.
Avoids ambiguity, aids troubleshooting, upgrades, and replacements

Question 11

Asset Monitoring

Answer 11

Maintaining an inventory with specifications, location, and
assigned users

Question 12

Asset Tracking

Answer 12

Goes beyond monitoring, involving the location, status, and condition of assets using specialized software and tracking technologies

Question 13

Enumeration

Answer 13

Identifies and counts assets, especially in large organizations or during times of asset procurement or retirement

Question 14

MDM

Answer 14

Mobile Device Management

Question 15

NIST Special Publication 800-88 (Guidelines for Media Sanitization)

Answer 15

Provides guidance on asset disposal and decommissioning

Question 16

Sanitization

Answer 16

Thorough process to make data inaccessible and irretrievable from storage
medium using traditional forensic methods

Question 17

Overwriting

Answer 17

○ Replacing the existing data on a storage device with random bits of information to ensure that the original data is obscured
○ Repeated several times to reduce any chance of the original data being recovered
○ Overwriting can use a single pass, 7 passes, or 35 passes

Question 18

Degaussing

Answer 18

Utilizes a machine called a degausser to produce a strong magnetic field that can disrupt magnetic domains on storage devices like hard drives or tapes

Permanent erasure of data but makes the device unusable

Question 19

Secure Erase

Answer 19

○ Deletes data and ensures it can’t be recovered
○ Implemented in firmware level of storage devices
○ Built-in erasure routine purges all data blocks
○ Deprecated in favor of cryptographic erase

Question 20

Cryptographic Erase (CE)

Answer 20

○ Utilizes encryption technologies for data sanitization
○ Destroys or deletes encryption keys, rendering data unreadable
○ Quick and efficient method of sanitization
○ Supports device repurposing without data leakage

Question 21

Change Management

Answer 21

Orchestrated strategy to transition teams, departments, and organizations from
existing state to a more desirable future state

Question 22

CAB

Answer 22

Change Advisory Board

Body of representatives from various parts of an organization that is
responsible for evaluation of any proposed changes

Question 23

Change Owner

Answer 23

Individual or team responsible for initiating change request

Question 24

Impact Analysis

Answer 24

Assesses potential fallout, immediate effects, long-term impacts

Question 25

Steps in Change Management

Answer 25

1. Preparation
2. Creating vision
3. Implementation
4. Verification
5. Documentation

Question 26

Scheduled Maintenance Window

Answer 26

Designated timeframes for implementing changes

Question 27

Backout Plan

Answer 27

Pre-determined strategy to revert systems to their original state in case of
issues during change implementation

Question 28

SOPs

Answer 28

Standard Operating Procedures

● Detailed step-by-step instructions for specific tasks
● Ensures consistency, efficiency, and reduces errors in change
implementation within the organization

Question 29

Restricted Activities

Answer 29

Certain tasks labeled as ‘restricted’ due to their impact on system health
or security

Question 30

Version Control

Answer 30

Tracks and manages changes in documents, software, and other files