Domain 2: Compliance and Operational Security Flashcards

1
Q

Managing Risk

A

Acceptance, Transference, Avoidance, Deterrence, Mitigation

2
Q

Security Controls

A

Technical, Management, Operational

3
Q

Security Measures

A

Detective, Preventative, Compensating, Corrective

4
Q

Confidentiality

A

Threats: Eavesdropping, system compromise and access
Defense: cryptosystems, access controls

5
Q

Integrity

A

Threats: tampering (unauthorized modification), spoofing, system compromise and access
Defense: hashing and digital signatures (an unkeyed hash only catches accidental corruption; against a deliberate attacker use a signature or MAC, since whoever can alter the data can also recompute a plain hash)

6
Q

Availability

A

Threats: denial of service
Defense: redundancy, fault tolerance, and patching

7
Q

CIA triad +1

A

confidentiality, integrity, availability, safety

8
Q

Incident Response Steps

A

PICERL: prepare, identify, contain, eradicate, recover, lessons learned and follow up

9
Q

OOV

A

order of volatility - forensic collection order, most volatile first: CPU registers and cache, memory and running processes/network connections, temp files and swap, disk, remote logs, archival media

10
Q

SPF

A

single point of failure

11
Q

BIA

A

business impact analysis

12
Q

DRP

A

disaster recovery plan

13
Q

MTTR

A

mean time to recovery (or repair) - average time to restore a failed asset to service - key in DRP and COO

14
Q

MTBF

A

mean time between failures - average operating time between critical failures; together with MTTR it gives expected availability = MTBF / (MTBF + MTTR)

15
Q

RTO

A

recovery time objective - maximum tolerable downtime: how quickly a service must be restored after a disruption (a ceiling, not a minimum)

16
Q

RPO

A

recovery point objective - maximum tolerable data loss, expressed as how old the last recoverable copy may be (an RPO of 4 hours means backups or replication at least every 4 hours)

17
Q

COO

A

continuity of operations (also COOP) - plan for keeping essential functions running during and after a disruption

18
Q

BCP

A

business continuity plan

19
Q

SaaS

A

software as a service - e.g. application in the cloud

20
Q

PaaS

A

platform as a service: e.g. a managed application platform (runtime, middleware, database) in the cloud; you deploy code, the provider runs the OS underneath

21
Q

IaaS

A

infrastructure as a service - e.g. data center in the cloud (VMs, storage, networking); you manage the OS and everything above it

22
Q

ISA

A

interconnection security agreement - documents the technical and security requirements for connecting two organizations' systems

23
Q

MOU

A

memorandum of understanding

24
Q

SLA

A

service level agreement

25
Q

BPA

A

business partnership agreement

26
Q

ARO

A

annualized rate of occurrence - expected number of times the loss event happens per year

27
Q

SLE

A

single loss expectancy - expected loss from one occurrence: SLE = AV x EF (mnemonic: SLEAVE + F)

28
Q

ALE

A

annualized loss expectancy - expected loss per year: ALE = SLE x ARO

29
Q

AV

A

asset value

30
Q

EF

A

exposure factor - fraction of the asset value lost in a single event (0 to 1)
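
The SLE, ALE, AV, EF and ARO cards above fit together into one calculation. The following worked example is added here and is not part of the flashcard deck; every asset value, exposure factor, occurrence rate and control cost in it is constructed for illustration, and the `Risk`, `control_value` and `rank_by_ale` names are my own. It goes one step past the cards by also computing whether a control pays for itself (ALE before, minus ALE after, minus the control's annual cost), which is the number that decides between mitigation and acceptance.

```python
"""Quantitative risk analysis with the SLE/ALE formulas from the cards above.

Added worked example; not part of the flashcard deck. All asset values,
exposure factors, occurrence rates and control costs are constructed.

    SLE = AV x EF        loss expected from a single event
    ALE = SLE x ARO      loss expected per year
    control value = ALE(before) - ALE(after) - annual cost of the control
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    av: float   # asset value (AV), in currency units
    ef: float   # exposure factor (EF): fraction of AV lost per event, 0..1
    aro: float  # annualized rate of occurrence (ARO): expected events per year

    def __post_init__(self):
        # EF is a proportion; an EF above 1 or a negative rate is a data-entry error
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1, got {self.ef}")
        if self.av < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: AV and ARO cannot be negative")

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV x EF."""
        return self.av * self.ef

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


def control_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net yearly benefit of a control that changes the risk from `before` to `after`.

    Positive: the control pays for itself (mitigation is cost-justified).
    Negative: accepting or transferring the risk is the cheaper option.
    """
    return before.ale() - after.ale() - annual_cost


def rank_by_ale(risks: list[Risk]) -> list[Risk]:
    """Highest ALE first: the order in which a risk register is usually worked."""
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


# Constructed register (assumed figures, not real data).
WEB_SERVER = Risk("public web server defacement", av=200_000, ef=0.25, aro=2)
LAPTOP = Risk("unencrypted laptop theft", av=3_000, ef=1.0, aro=4)
FLOOD = Risk("data center flood", av=4_000_000, ef=0.5, aro=0.125)
RISK_REGISTER = [LAPTOP, FLOOD, WEB_SERVER]

# Assumed control: a WAF that cuts the defacement rate from 2/yr to 0.5/yr.
WEB_SERVER_WITH_WAF = Risk(WEB_SERVER.name, av=WEB_SERVER.av, ef=WEB_SERVER.ef, aro=0.5)
WAF_ANNUAL_COST = 15_000


if __name__ == "__main__":
    for r in rank_by_ale(RISK_REGISTER):
        print(f"{r.name:32} SLE={r.sle():>12,.0f} ALE={r.ale():>12,.0f}")
    print("WAF net value per year:",
          control_value(WEB_SERVER, WEB_SERVER_WITH_WAF, WAF_ANNUAL_COST))
```

Note how the ranking differs from what SLE alone suggests: the flood has by far the largest single loss, but it is ALE (SLE weighted by how often it happens) that orders the register and that the control cost is compared against.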

31
Q

ADS

A

alternate data streams - NTFS feature that attaches extra named streams (file.txt:hidden) to a file; used to hide data, since a normal directory listing shows only the main stream (dir /r or PowerShell Get-Item -Stream * reveal them)

32
Q

AUP

A

acceptable use policy

33
Q

Backup Types

A

  • full
  • copy
  • incremental
  • differential

34
Q

Full Backup

A

full system back up. slowest to backup, fastest to restore

35
Q

Copy Backup

A

full copy of all files that does not reset the archive bit, so it can be taken ad hoc (e.g. before a migration) without disturbing the incremental/differential chain; not a disk image

36
Q

Incremental Backup

A

backs up only files changed since the last backup of any type (full or incremental) and resets the archive bit. fastest to back up, slowest to restore: needs the last full plus every incremental since, applied in order

37
Q

Differential Backup

A

backs up everything changed since the last full backup and does not reset the archive bit, so each differential grows until the next full. restore needs only the last full plus the most recent differential
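
The four backup cards above all come down to one mechanism: which backup types reset the per-file archive bit. The simulation below is an added example, not part of the flashcard deck; the file set, the week of changes and the names `FileSystem`, `run_backup`, `restore_chain` and `simulate` are constructed for illustration (deletions are not modelled). It runs the same week of edits under an incremental and a differential schedule and shows the trade-off the cards describe: per-set size versus the number of sets a restore must apply (which is what drives RTO), and that an ad hoc copy backup leaves the chain untouched.

```python
"""Full / copy / incremental / differential backups driven by the archive bit.

Added illustration, not from the flashcards. The file set and the week of
changes are constructed. Deletions are not modelled.
"""
from dataclasses import dataclass


@dataclass
class BackupSet:
    kind: str
    files: dict  # file name -> version captured in this set


class FileSystem:
    """Files plus the per-file archive bit that backup software keys on."""

    def __init__(self):
        self.files = {}       # name -> current version
        self.archive = set()  # names modified since the last full or incremental

    def write(self, name, version):
        self.files[name] = version
        self.archive.add(name)


def run_backup(fs: FileSystem, kind: str) -> BackupSet:
    if kind in ("full", "copy"):
        captured = dict(fs.files)                                 # everything
    elif kind in ("incremental", "differential"):
        captured = {n: fs.files[n] for n in sorted(fs.archive)}  # changed only
    else:
        raise ValueError(f"unknown backup type {kind!r}")
    # Only full and incremental reset the bit. Copy and differential leave it,
    # which is why a copy can be taken ad hoc without disturbing the chain and
    # why a differential keeps growing until the next full.
    if kind in ("full", "incremental"):
        fs.archive.clear()
    return BackupSet(kind, captured)


def restore_chain(sets: list) -> list:
    """Sets needed to rebuild the latest state, in apply order.

    Last full, then every incremental after it, then the newest differential.
    A differential older than a later incremental or differential is redundant
    (the later set already contains its changes). Copies never join a chain.
    """
    sets = [s for s in sets if s.kind != "copy"]
    last_full = max(i for i, s in enumerate(sets) if s.kind == "full")
    chain = [sets[last_full]]
    for s in sets[last_full + 1:]:
        chain = [c for c in chain if c.kind != "differential"]
        chain.append(s)
    return chain


def restore(chain: list) -> dict:
    state = {}
    for s in chain:
        state.update(s.files)  # later sets overwrite older versions
    return state


# Constructed week: Sunday full, then three evenings of edits. `a` changes twice.
CONSTRUCTED_CHANGES = [("Mon", {"a": 2}), ("Tue", {"b": 2}), ("Wed", {"a": 3, "c": 2})]


def simulate(daily_kind: str, copy_after: str = None):
    """Run the week with one backup type each evening, optionally an ad hoc copy."""
    fs = FileSystem()
    for name in "abcd":
        fs.write(name, 1)
    sets = [run_backup(fs, "full")]
    for day, changes in CONSTRUCTED_CHANGES:
        for name, version in changes.items():
            fs.write(name, version)
        sets.append(run_backup(fs, daily_kind))
        if day == copy_after:
            sets.append(run_backup(fs, "copy"))
    return fs, sets


if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        fs, sets = simulate(kind)
        sizes = [len(s.files) for s in sets]
        chain = restore_chain(sets)
        print(f"{kind:12} files per set {sizes}  restore applies {len(chain)} sets"
              f"  restored == live: {restore(chain) == fs.files}")
```

With the constructed week, the incremental schedule writes sets of 1, 1 and 2 files but needs four sets to restore Wednesday's state; the differential schedule writes 1, 2 and 3 files and restores from two. The practitioner check is the last column: whatever the schedule, applying the chain must reproduce the live file set, and a copy inserted mid-week must not change either the later incrementals or the chain.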