Chapter 18: Network Operations Flashcards
A ____ is a written document that defines how an organization will protect its IT infrastructure and includes acceptable use policies, network access policies, mobile deployment models, onboarding and offboarding policies, and externally imposed policies.
security policy
A/An ____ defines what is and what is not acceptable to do on an organization’s computing devices.
AUP or Acceptable Use Policy
The ____ defines who may access the network, how they may access the network, and what they can access.
network access policy
A/An ____ mobile deployment model lets employees use their existing portable devices at work.
BYOD or Bring Your Own Device
In a/an ____ deployment model, the corporation owns all the mobile devices and issues them to employees. The corporation is solely responsible for the maintenance of the devices, the applications, and the data. Nothing but company approved software is used on the issued mobile devices.
COBO or Corporate Owned, Business Only
In a/an ____ deployment model, the organization issues mobile devices and employees are presented with a whitelist of pre-approved applications that they may install.
COPE or Corporate Owned, Personally Enabled
An organization offering ____ options provides employees free choice within a catalog of mobile devices. The organization retains complete control and ownership over the mobile devices, although the employees can install their own apps on the mobile devices.
CYOD or Choose Your Own Device
____ is the process of confirming that mobile devices leaving the control of the organization do not store any proprietary applications or data.
Offboarding
____ is the process of verifying that new mobile devices appearing in the organization’s infrastructure are secure and safe to use within the organization.
Onboarding
The process of creating change in your infrastructure in an organized, controlled, and safe way is called ____.
change management
A/An ____ is a document between a customer and a service provider that defines the scope, quality, and terms of service to be provided. ____ requirements are a common part of business continuity and disaster recovery.
SLA or Service Level Agreement
SLA
A/An ____ is a document that defines an agreement between two parties in situations where a legal contract wouldn’t be appropriate. It defines the duties the parties commit to perform for each other and a time frame for the ____.
MOU or Memorandum Of Understanding
MOU
A/An ____ is a legal contract between a vendor and a customer that defines the services and products the vendor agrees to supply and the time frames in which to supply them.
SOW or Statement Of Work
A/An ____ is a legal document that prohibits the signer from disclosing any company secrets learned as part of his or her job.
NDA or Nondisclosure Agreement
A/An ____ is a person, organization, or even a nation state that has both the capability and intent to harm, steal, copy, or otherwise diminish an asset.
threat actor
A/An ____ will inspect a huge number of potential vulnerabilities and create a report for an organization to then act upon.
vulnerability scanner
A/An ____ covers all the various threats and risks to which a company is exposed and includes the cost of negative events in both money and time.
posture assessment
A/An ____ codifies and ranks essential processes, then examines the likelihood of weakness in the process.
process assessment
A/An ____ examines all aspects of a third party’s security controls, processes, procurement, labor policies, and more to see what risks that third party poses to the organization.
vendor risk assessment
Incidents that take place within the organization that can be stopped, contained, and remedied without outside resources are handled by ____ planning.
incident response
If an incident can no longer be contained, causing significant damage or danger to the immediate infrastructure, it is covered under ____.
disaster recovery
If the disaster requires actions offsite from the primary infrastructure, it is under the jurisdiction of ____.
business continuity
A/An ____ sets an upper limit to how much lost data the organization can tolerate if it must restore from a backup, effectively dictating how frequently backups must be taken.
RPO or Recovery Point Objective
The ____ sets an upper limit to how long the organization can tolerate an outage before full functionality must be restored.
RTO or Recovery Time Objective
The ____ factor, which typically applies to hardware components, represents the manufacturer’s best guess regarding how much time will pass between major failures of that component.
MTBF or Mean Time Between Failures
The ____ factor indicates the length of time a device is expected to last in operation before a single definitive failure will occur and will require that the device be replaced rather than repaired.
MTTF or Mean Time To Failure
The ____ is the amount of time it takes to fix a system after it fails.
MTTR or Mean Time To Repair
A/An ____ details risks to critical systems, cost to replace or repair such systems, and how to make those replacements or repairs happen in a timely fashion.
BCP or Business Continuity Plan
A/An ____ is a location that consists of a building, facilities, desks, toilets, parking - everything that a business needs except computers. It generally takes more than a few days to bring it online.
cold site
A/An ____ starts with the same components as a cold site, but adds computers loaded with software and functioning servers. It has a complete hardware infrastructure, but lacks current data and may not have functioning Internet/network links. It should only take a day or two to bring it online.
warm site
A/An ____ has everything a warm site does, but also includes very recent backups and might need just a little data restored from a backup to be current. In many cases it is a complete duplicate of the primary site and should only take a few hours to bring online.
hot site
With a/an ____, everything of note is stored in the cloud, including servers, client machine images, applications, and data. If some disaster hits, an organization can quickly move to a new location unaffected by the disaster and access its resources as soon as it has Internet connectivity.
cloud site
____ is identifying people who can take over certain positions (usually on a temporary basis) in case the people holding those critical positions are incapacitated or lost in an incident or disaster.
Succession planning
____ is the science of gathering, examining, analyzing, preserving, and presenting evidence stored on a computer or any form of digital media that is presentable in a court of law.
Computer forensics
In general, when you are in a situation where you are the first responder, you need to do the following three things:
- Secure the area
- Document the scene
- Collect evidence
____ is the paper trail of who has accessed or controlled a given piece of evidence from the time it is initially brought into custody until the incident is resolved.
Chain of custody
A/An ____ is the process of an organization preserving and organizing data in anticipation of or in reaction to a pending legal issue.
legal hold
Through what mechanism is a change to the IT structure initiated?
Users submit a change request to the change management team.
The best way to know the vulnerabilities of an IT infrastructure is to run what?
A vulnerability scanner
During and after a change to the IT infrastructure, what must be done?
The changes must be documented.
What is the job of a first responder?
To react to the notification of a computer crime.
When is a memorandum of understanding (MOU) used?
When a legal contract is not appropriate