Domain 3.2

Question 1

What type of plan/procedure details how to make a change?

Answer 1

Change Management

Question 2

true or false: change management is easy to implement

Answer 2

False:

It is easily over looked and is considered very challenging.

Essential to have clear policy surrounding add/change/remove

Question 3

What is the NIST SP800-61

Answer 3

Provides a handling guide for security incidents

Question 4

What are the steps included in an incident response lifecycle

Answer 4

-Preparation

-Detection & Analysis

-Containment, Eradication, and recovery

• post incident activity

Question 5

What are some disasters that could occur

Answer 5

Human created disasters

Natural disasters

technology or system failures

Question 6

What are some components of a comprehensive recovery plan

Answer 6

• Recovery location
• Data recovery method
• Application restoration
• IT team and employee availability

Question 7

Describe COOP or BCP

Answer 7

Continuity of operations Planning involves the process of creating alternatives methods of operations that allow the company to continue business in the event of a total system failure.

Question 8

Give some examples of a COOP

Answer 8

• Manual transactions
• Paper receipts
• phone calls for approval rather than email

Question 9

what are some concerns when it comes to system lifecycles

Answer 9

Disposal of systems and their information could be unlawful.

You may need to store devices or data for particular amounts of time, or maintain data.

shred sensitive data, never throw it in the trash

Question 10

What is a SOP

Answer 10

Standard operating procedure

Processes and procedures of a business.

Question 11

What is an important component to SOPs

Answer 11

They must be documented and written down.

There should be SOPs for the notification of downtime, and facilities issues

Question 12

Name two common agreements

Answer 12

SLA -
Minimum level of service to be provided
uptime, response time

MOU -
Both sides agree on the contents of the memo.
Usually include statement of confidentiality

Question 13

What are the two types of NDAs

Answer 13

Unilateral (single parties) or Bilateral (Both parties)

Question 14

Describe some qualities of a good password policy

Answer 14

High password Entropy ( Very difficult to guess)

• No single words

Mix upper and lower case with special characters

Passwords at least 8 characters

Question 15

What is an AUP

Answer 15

Acceptable use policy

Detailed document that covers many topics, internet, telephones, PCs

Used by company to limit legal liability

Question 16

What is a remote access policy

Answer 16

Policy for everyone that specifies technical requirements such as:

-Encrypted connection

-Confidential credentials

-hardware/software requirements

Question 17

What is the use of a floor plan

Answer 17

Used for network documentation to overlay the wired and wireless network with the existing architectural layout.

-Wires in celling

• AP locations

Question 18

Where does a floor plan come in handy

Answer 18

Great for matching end-user desks with a patch on the panel in the IDF/MDF

Also great for planning network projects

Question 19

What is a physical network map

Answer 19

A map that follows physical wire and devices. This can include physical rack locations as well.

Question 20

What is a distribution frame

Answer 20

Often a room or a laocation which serves a a major part of the network

Typically mounted on wall or flat surface and contains punchdown blocks and patch panels

Question 21

What is an MDF

Answer 21

Main distribution Frame -

Central point of the network
- usually in a data center

-Termination point for WAN connections which makes it a good spot to test both ends of the WAN

Question 22

What is an IDF

Answer 22

Intermediate Distribution Frame -

Extension of the MDF and a strategic distro point

uplinks from the MDF and may include workgroup switches, and other local resources

Question 23

What is a logical network map?

Answer 23

Specialized software that provides a high level view of the WAN layout, and application flows.

Useful for planning and collaboration

Question 24

What are the standards for the presentation of information that includes cable, pathway, space, and grounding identifiers in a commercial building?

Answer 24

ANSI/TIA/EIA 606

Question 25

What is the use of a site survey

Answer 25

Identify Access Points

Determine the current wireless landscape

Create heat map of wireless network

Question 26

Describe internal and external audits

Answer 26

Internal -
Self imposed checks
Validate permissions, check access logs, verify user account status

External - May be required for compliance regulations

Question 27

What is the point of fault tolerance

Answer 27

To maintain uptime in the case of a system failure

Question 28

what is a drawback to fault tolerance

Answer 28

It increases cost and complexity to managing systems

Question 29

What are some single device fault tolerance examples

Answer 29

RAID, Redundant power supplies NIC Teaming

Question 30

What are some multi-device fault tolerance examples

Answer 30

Serverfarms with load balancing

Multiple network paths

Question 31

What is clustering

Answer 31

A logical collective of servers

Question 32

What is load balancing

Answer 32

Shared service load across components

Question 33

What is implied by HA

Answer 33

High availability -

Always on, always available.

Redundancy does not mean always available

Question 34

What are the downsides to HA

Answer 34

Higher quality server components, and an ever growing list of contingencies that should be planned for.