Chapter 2 - Concepts To Know Flashcards
What are the methods to address risk?
Avoidance
Acceptance
Transference
Mitigation
What are the design requirements related to business requirements analysis?
- Assets can be tangible, intangible, or personnel
- Business impact analysis defines which of the assets provide the intrinsic value of an organization
- Criticality denotes those aspects of an organization without which the organization could not operate or exist
- Risk appetite is the level, amount, or type of risk that an organization finds acceptable
What are the boundaries of the cloud model?
IaaS
PaaS
SaaS
What are the roles related to layered defenses?
Cloud Provider
Cloud Customer
This cloud role includes:
- strong personnel controls, involving background checks and continual monitoring
- technological controls such as encryption, event logging, and access control enforcement
- physical controls related to both the overall campus
- governance mechanisms and enforcement, such as strong policies and regular, thorough audits
Cloud Provider
This cloud role includes:
- training programs for staff and users that include good coverage of security topics
- contractual enforcement of policy requirements
- use of encryption and logical isolation mechanisms
- strong access control methods
Cloud Customer
What are the ways for securing devices in the datacenter?
- All guest accounts are removed
- No default passwords remain
- Systems are patched, maintained, and updated according to vendor guidance
- All unused ports are closed
- Physical access is severely limited and controlled