Domain 4 - IS Operations & Business Resilience

Question 1

RFID (radio frequency identification)

Answer 1

Uses radio waves to locate tagged assets within a limited radius

Question 2

A tag includes:

Answer 2

A microchip and an antenna

Question 3

6 activities needed to develop a risk management program

Answer 3

1. Identify assets
2. Identity threats and vulnerabilities
3. Impact analysis
4. Risk prioritization
5. Control evaluation
6. Implementation of appropriate controls

Question 4

Availability reports

Answer 4

Indicates time period the computer is operating & available for use ; helps determine downtime

Question 5

Hardware error reports

Answer 5

Identifies system failures & initiates corrective action

Question 6

Asset management reports

Answer 6

Inventory of assets/network-connected equipment

Question 7

Utilization reports

Answer 7

Determines level of use of systems; used to predict resource requirements

Question 8

System downtime report

Answer 8

Indicates effectiveness of preventative maintenance programs (high downtime= program not effective)

Question 9

When should preventative maintenance/maintenance functions be performed ?

Answer 9

During non-peak times

Question 10

Source code ; object code

Answer 10

Readable by humans ; computers
- controlled best by date&time stamping

Question 11

Job schedule

Answer 11

Program used to run various processes automatically; also automates tape backups and other maintenance
-reduced probability of error

Question 12

EUCs (end user computing)

Answer 12

System where non programmers can create their own applications;

not subject to testing;

documented policy should be available to address risks

Question 13

OS (operating system) architecture

Answer 13

1. Base = computer hardware
2. Nucleus = basic functions; restricted
3. System software = process’s that support users

Question 14

Free software (3)

Answer 14

Open source - can be listed, modified, or redistributed as required

Freeware - free but source code cannot be redistributed

Shareware - free for trial period with limited functions

Question 15

How to determine unauthorized software

Answer 15

Using automated tool - scan entire network to capture list of installed software and compare to approved software list

Question 16

Registry

Answer 16

System settings and parameters set in configuration files

Question 17

Best method to determine control function within OS

Answer 17

Review of parameters setting

Question 18

Which report optimizes configuration of a server ?

Answer 18

Server utilization reports

Question 19

Hardware maintenance schedules should be validated against

Answer 19

Vendor provided specifications

Question 20

What is a critical/key component in network management?

Answer 20

Change/configuration management

Question 21

Objective of library control software

Answer 21

Provide assurance that program changes are authorized

Question 22

Capacity management

Answer 22

The planning & monitoring of computing/network resources to ensure that the available resources are used efficiently and effectively

Question 23

Problem management

Answer 23

To prevent reoccurrence of an incident by identifying root cause and taking action

Question 24

Problem management steps (5)

Answer 24

1. Report the exception
2. Investigate
3. In-depth analysis
4. Root cause analysis
5. Address issues identified

Question 25

Incident management

Answer 25

Return to normal state as quickly as possible

Question 26

Response time reports

Answer 26

Network management tool - identifies time taken by system to process an IT query by user

Question 27

Downtime reports

Answer 27

Network management tool - tracks availability telecommunication lines and circuits

Question 28

Online monitors

Answer 28

Network management tools - checks data transmission accuracy and errors

Question 29

Network protocol analyzers

Answer 29

Used to monitor packets flowing along a network

Question 30

Simple network management protocol (SNMP)

Answer 30

Monitors and controls variables throughout the network, manages configuration, and collects statistics on performance & security

Question 31

Change management steps (4)

Answer 31

1. Approval
2. Testing
3. Scheduling
4. Rollback arrangements

Question 32

Code signing

Answer 32

Provides assurance that software code has not been modified after sign off

Question 33

What is a key component of network management

Answer 33

Configuration management

Question 34

Patch

Answer 34

Code changes

Impact analysis should be tested/conducted before installation of patch

Question 35

Objective of library control software

Answer 35

Unauthorized changes/access

Question 36

Best assurance of the effectiveness of device provider controls

Answer 36

Independent 3rd party audit report

Question 37

Redundancy

Answer 37

Duplication of data

Question 38

Normalization

Answer 38

Process of reducing duplicate data

Question 39

Concurrency control

Answer 39

Prevent integrity issues during simultaneous updates by multiple users

Question 40

Integrity constraints

Answer 40

Allow only valid predefined data to enter the database & prevent out of range data

Question 41

Structured query language

Answer 41

Programming language for managing date in a database; helps determine PORTABILITY

Question 42

Table link check

Answer 42

Assurance over integrity of database

Question 43

DBA (database administrator) activities

Answer 43

-conduct changes in database table
-conduct backup & recovery procedures
-consult on database interfaces

Question 44

DBAs should NOT perform:

Answer 44

-activities relating to log capturing & monitoring of dba functions
-end user activities
-security patch updates

Question 45

A database should only be changed using a ___ account

Answer 45

DBA

Question 46

Clusters/clustering

Answer 46

Allows 2 or more servers to work as a unit so if 1 fails the other takes over

Question 47

Diverse routing

Answer 47

Routing traffic through split cable facilities or duplicate cable facilities

Question 48

Alternative routing

Answer 48

Routing info via an alternative medium such as copper cables or fiber optics

Question 49

Last mile circuit protection

Answer 49

Redundancy for local communication loop

Question 50

Long haul network diversity

Answer 50

Redundancy for long distance availability

Question 51

Shadow file processing

Answer 51

Duplicate files are maintained at remote site

Question 52

Preparedness test

Answer 52

Simulates a system crash &verified in a localized environment

(DRP testing - cost effective)

Question 53

When RTO is low, use a

Answer 53

Hot site

Question 54

When RPO is low, use

Answer 54

Data mirroring

Question 55

Backup intervals should be aligned with

Answer 55

RPO

Question 56

Quality of service (QoS)

Answer 56

Optimize network performance by assigning priority to bus apps and end users through allocation of dedicated parts of the bandwidth to specific traffic

Question 57

Protocol analyzers

Answer 57

Monitor/record network info

Question 58

Online monitors

Answer 58

Measure telecommunications transmission

Question 59

Cyclic redundancy check (CRC)

Answer 59

Checks for a block of transmitted data - can detect several errors

Question 60

Switches

Answer 60

At a low level of network security and transmit a packet to the device to which it is addressed

Question 61

Hubs

Answer 61

Will broadcast all data to all network posts

Question 62

Routers

Answer 62

Allows packets to be given or denied a access based on address

Question 63

To ensure proper SoD, developers should be

Answer 63

Restricted to development environments only

Question 64

Hardware maintenance programs should be validated against

Answer 64

Vendor specifications

Question 65

Service-level management (SLM)

Answer 65

Negotiate, document, and manage the services in the manner in which the customer requires those services

Question 66

The use of unshielded twisted pair (UTP) in copper will reduce the likelihood of

Answer 66

Crosstalk

Question 67

Most critical elements of DRP

Answer 67

1) backup data
2) key contacts

Question 68

Greatest concern for disaster recovery hot site

Answer 68

Disk space utilization data is not kept current

Question 69

Commitment and rollback procedures ensure

Answer 69

Integrity

Question 70

Load balancing ensures

Answer 70

Uninterrupted system availability by distributing traffic across multiple servers

-consistent response time for web applications

Question 71

Disk to disk backup

Answer 71

Allowed large quantities of data to be backed up in a short time to without impacting system performance

Question 72

The method of routing traffic through split cable or duplicate cable facilities is called

Answer 72

Diverse routing