CCSP Domain 5: Maintenance Flashcards

1
Q

How often should CMB meet?

A

often enough to address organizational needs and reduce frustration with delay; frustrated employees and managers can increase risk to the organization by implementing their own, unapproved modifications to the environment

2
Q

What should the update procedure include?

A
  1. document how, when and why the update was initiated by the vendor
  2. move the update through the CM process
3
Q

What is the update procedure?

A
  1. put the systems and devices into maintenance mode
  2. apply the updates to the necessary systems and devices; annotate the asset inventory to reflect the changes
  3. verify the update; run tests on the production environment to ensure all necessary systems and devices have received the update - if missed, repeat the installation until complete
  4. validate the modifications; ensure intended results of the update have taken effect and interactions with the rest of the environment work appropriately
  5. return to normal operations
4
Q

What document should cover patching?

A

patching, like any other form of maintenance, should be covered in SLAs

5
Q

Agreed upon schedule and patching threshold should be covered by what document?

A

contract

6
Q

What does configuration management entail?

A

documenting the approved settings for systems and software, which helps establish baselines within the organization

7
Q

What is CM?

A

change and configuration management

8
Q

What does CM begin with?

A

baselining

9
Q

What is baselining?

A

a way of taking an accurate account of the desired standard state

10
Q

What is important to incorporate in baselines?

A

security controls with a thorough description of each one’s purpose, dependencies and supporting rationale

11
Q

Why is it essential to include security controls in baselines?

A

so that the business is informed about risk management as changes are considered for implementation through the CM process; need to know if changes introduce any new risks for which compensatory controls would need to be implemented

12
Q

What stakeholders should provide input for creating baselines?

A

IT, security office, management, users

13
Q

Baseline should be a reflection of what?

A

risk appetite of the organization; provides optimum balance between security and operational functionality

14
Q

When does a baseline provide the greatest value?

A

when it’s applied to the greatest amount of covered systems

15
Q

Are baselines the be-all and end-all of system security?

A

no, it just serves as a standard against which to compare and validate all systems in the organization

16
Q

Why is it important to continually test the baselines?

A

to determine that all assets are accounted for and to detect anything that differs from the baseline

17
Q

What needs to be done with baseline deviations?

A

need to be documented and reviewed, whether they are intentional or unintentional, as they pose a risk to the organization

18
Q

What needs to be assured in order for a baseline to be successful?

A

needs to be flexible, so that exception request process is timely and responsive to the needs of the organization and its users

19
Q

Why is it important to have flexible and timely modifications to the baselines?

A

to avoid frustrated users, who then may circumvent the security controls and introduce significant risks

20
Q

Why is it important to track exceptions and deviations to the baselines?

A

to ensure regulatory compliance and security control coverage, as well as to allow meaningful modifications to the baselines if a considerable number of users report the same issue caused by the baseline controls

21
Q

How many baselines should be created?

A

depending on how many systems the organization uses - a baseline should be created for each type of system in the environment

22
Q

What is the CM process in the normal operational mode of the organization?

A
  1. CMB meetings; CMB meets to analyze and review change and exception requests - authorize, reject or ask for additional effort
  2. CM testing; if authorized, change needs to be tested before deployed
  3. Deployment; change implemented and then reported to CMB
  4. Documentation; modifications to the environment are documented and reflected in the asset inventory
23
Q

What is the initial CMB process?

A
  1. full asset inventory; crucial to know what assets are used - can be aided by BIA
  2. codification of the baseline; formal action that includes all members of CMB
  3. secure baseline build; version of baseline is constructed and stored for later use
  4. deployment of new assets; when new assets are deployed, relevant baseline has to be installed
24
Q

Who should the CMB be composed of?

A

IT, security, legal, management, finance and acquisition, HR, general users, anyone who would be useful in this process

25
What are common maintenance-related orchestrated tasks?
patch management and VM reboots
26
What is the difference between change management and change control?
* change management: policy that details how changes will be processed in an organization; guidance on the process
* change control: process of evaluating a change request to decide if it should be implemented; process in action
27
What approach helps with automating change management?
CI/CD and IaaC
28
What is a credentialed scan?
powerful vulnerability scan that has higher privileges than a non-credentialed scan
29
What are non-intrusive scans?
passive scans that merely report vulnerabilities; do not cause damage to a system
30
What are intrusive scans?
cause damage as they try to exploit the vulnerability and should be used in a sandbox and not on a live production system
31
What is the name of components or services that are managed as part of a configuration management effort?
CIs (configuration items)
32
What are configuration models used for?
used to evaluate changes and causes of incidents
33
What are configuration records?
records that describe configuration item relationships and settings