Class two

Question 1

Governance

Answer 1

The methods used by an executive to keep their organization on track with management’s goals and within acceptable performance standards. Usually achieved through establishing policies, procedures, and controls that match the enterprise’s vision, strategy, and risk appetite.

Question 2

Policy

Answer 2

1) high level statement of intent providing guidance on principles an organization follows. 2) Settings, including security settings, inside a software program or OS.

Question 3

Procedure

Answer 3

guidance or specific instruction on the process/method that should be used to achieve an objective.

Question 4

PAMS

Answer 4

Privileged account management system - used to control and monitor activities of privileged accounts.

Question 5

Red team

Answer 5

team of penetration testers that look for potential exploits in the system, infrastructure, or website.

Question 6

Penetration test

Answer 6

method to identify potential vulnerabilities that could be exploited. Includes exploring how they could be exploited.

Question 7

Vulnerability assessment

Answer 7

Finding and classifying security gaps. Not about exploring ways to exploit them. Often used by pen testers.

Question 8

Zero day

Answer 8

First time malware or exploit is discovered, no procedures or tools available yet to deal with it.

Question 9

Business continuity plans

Answer 9

BCP - describes how to restore critical products or services to customers should a substantial event cause disruption to them.

Question 10

Technical disaster recovery plan

Answer 10

Actual processes, people, information, and assets required to put a digital system back in place within a timeline defined by the BCP.

Question 11

RITE

Answer 11

Responsibility, integrity, trust, ethicality