Chapter 3 - Information Systems

Question 1

End Point Devices?

Answer 1

Any device that connects to the network

Question 2

What Device is used to collect Environmental Data? Challenges?

Answer 2

Internet of Things Senors, Challenge is Secuity and not easy to upgrade

Question 3

What is a UML Diagram sometimes called? What is it?

Answer 3

ERD & Visual Representation of a conceptual Data model that shows tables in a database and the Associations between them.

Question 3

What Do Availability Reports Address?

Answer 3

Uptime and Downtime Durations

Question 4

What is a CSP always responsible for? Examples?

Answer 4

Infrastructure - Networking, Storage, Servers

Question 5

Firewall

What does it do?
Isolates what?

Answer 5

Device that controls the flow of data into and out of an information system at network entry points.
o separates or isolates a network segment from the main network while maintaining the connection between networks

Question 6

Switches

Answer 6

moves data between connected devices in a network.

Question 7

Servers
3 things they do?

Answer 7

are powerful computers that store, process, and manage data

Question 8

• Routers

Answer 8

infrastructure components that receive and send data packets to their intended destinations and determine the best path.

Question 9

Progressive Steps to Test Continuity plan

Answer 9

1. Checklists - Help to execute the complete plan
2. Tabletop exercise - Walkthrough a potential scenario
3. Simulation - Perform all the tasks at the alternate site (except processing)
4. Parallel – Process at both the primary and alternate sites to determine if they are the same
5. Full interruption – Perform all tasks only at the alternate site.

Question 10

BCP (business continuity plan). The correct sequence is:

Answer 10

• Consider possible threats
• Assess potential impacts
• Evaluate critical needs
• Establish recovery priorities

Question 11

Recovery Time Objective (RTO)

Established how?
2 things it calculates?

Answer 11

maximum amount of downtime a business can tolerate
* Established by doing a business impact analysis (BIA)
o Calculates the cost of downtime
 Tangible – Loss of revenue
 Intangible – Harm to reputation

Question 12

Mean Time to recover (MTTR)

Answer 12

• Tracks the average time it takes to restore a service or system after an outage.

Question 13

Which Backup is the most efficient for minimizing backup time and storage usage?

Answer 13

Incremental

Question 14

Which Backup has a longer restoration time than a full backup?

Answer 14

differential

Question 15

Continuous integrations are validated how?
name order 1-4

Answer 15

automated test
1.unit - test on individual components /functions
2. integration - group testing of components /functions
3 system -all components are integrated and the whole system is tested
4. acceptance - final testing is done by end users

Question 16

What does Strategy development remediate?

Answer 16

It bridges the gap between the business impact analysis by looking at the risk and seeing how the business continuity plan should address it.

Question 17

What two steps are after the strategy development phase and what do they do?

Answer 17

1. Provisions and process - measures and procedures are created to mitigate risks
2. Resource prioritization - prioritizes and allocates resources to different identified tasks.

Question 18

Internally encrypted passwords

Answer 18

access control designed to prevent unauthorized access by use of a utility program to identify passwords.

Question 19

What control

1 automatically resubmits correct data
2. Ensures the integrity, accuracy, and completeness of data

Answer 19

Online data entry controls

Question 20

Who is responsible for networks and security, servers and storage, and infrastructure facility?

Answer 20

IAAS

Question 21

Who is responsible for infrastructure, networks and security, servers and storage, operating systems, and database and analytic tools?

Answer 21

Platform as a software

Question 22

Who is responsible for infrastructure, networks and security, servers and storage, operating systems, hosted apps, and databaseand analytic tools?

Answer 22

Software as a service

Question 23

How do you calculate system availability?

Answer 23

Downtown- agreed service time/ agreed service time

Question 24

What cloud service model is best suited for rapidly developing an application while minimizing capital expenditures?

Answer 24

Platform as a service

Question 25

What cloud service model is best suited for rapidly developing an application while minimizing capital expenditures?

Answer 25

Platform as a service

Question 26

Who is responsible for returning acknowledgments?

Answer 26

Gateways

Question 27

Snapshots, rootkits, and misconfiguration of the hypervisor are disadvantages of what?

Answer 27

Virtualization

Question 28

Detecting access from unauthorized components is an advantage of what?

Answer 28

Automated scans

Question 29

Multifactor authentication is considered what in defense in depth strategies ?

Answer 29

Technical control