Domain 2: Compliance and Operational Security Flashcards

1
Q

Managing Risk

A

Acceptance, Transference, Avoidance, Deterrence, Mitigation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Security Controls

A

Technical, Management, Operational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Security Measures

A

Detective, Preventative, Compensating, Corrective

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Confidentiality

A

Threats: Eavesdropping, system compromise and access
Defense: cryptosystems, access controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Integrity

A

Threats: spoofing, system compromise and access
Defense: digital signatures and hashing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Availability

A

Threats: denial of service
Defense: redundancy, fault tolerance, and patching

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

CIA triad +1

A

confidentiality, integrity, availability, safety

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Incident Response Steps

A

PICERL: prepare, identify, contain, eradicate, recover,

lessons learned and follow up

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

OOV

A

order of volatility

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

SPF

A

single point of failure

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

BIA

A

business impact analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

DRP

A

disaster recovery plan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

MTTR

A

mean time to recovery - average time to recover asset - key in DRP and COO

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

MTBF

A

mean time between failures - average time between critical failures

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

RTO

A

recovery time objective - minimum recovery time

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

RPO

A

recovery point objective - minimum amount of data restored

17
Q

COO

A

continuity of operations - prep for ongoing operations

18
Q

BCP

A

business continuity plan

19
Q

SaaS

A

software as a service - e.g. application in the cloud

20
Q

PaaS

A

platform as a service: e.g. plain operating system as a service

21
Q

IaaS

A

infrastructure as a service - e.g. date center in the cloud

22
Q

ISA

A

interconnection service agreement

23
Q

MOU

A

memorandum of understanding,

24
Q

SLA

A

service level agreement

25
BPA
business partnership agreement
26
ARO
annualized rate of occurance
27
SLE
single loss expectancy. SLE = AV x EF (SLEAVE + F)
28
ALE
annual loss expectancy. SLE x ARO
29
AV
asset value
30
EF
exposure factor
31
ADS
alternate data streams (hiding files)
32
AUP
acceptable use policy
33
Backup Types
- full - copy - incremental - differential
34
Full Backup
full system back up. slowest to backup, fastest to restore
35
Copy Backup
disk image
36
Incremental Backup
goes back to last incremental or full back up. fastest to back up, slowest to restore
37
Differential Backup
goes to last full backup only