Explaining Organizationals And Physical Security Concepts

Question 1

Settings for services and policy configuration for a network appliance or for a server operating in a particular application role (web server, mail server, file/print server and so on)

Answer 1

Configuration Baseline

Question 2

Process for approving, preparing , supporting and a managing new or updated business processes or technologies

Answer 2

Change management

Question 3

Documentation of best practice and work instructions to use to perform a common administrative task.

Answer 3

Standard operating procedure (SOP)

Question 4

Detailed and specific evaluation of a process, procedure, organization, job function or system in which results are gathered and reported to ensure that the target of the audit is in compliance with the organizations policies, regulations and legal responsibilities

Answer 4

Audit reports

Question 5

Controlled acquisition deployment use and decommissioning of assets.

Answer 5

System life cycle roadmap

Question 6

Documentation detailing site premises using an accurate scale

Answer 6

floor plan

Question 7

Documentation of connector pin outs and/or cable runs

Answer 7

Wiring diagram

Question 8

Passive wiring panel providing a central termination point for cabling. It distributes backbone or vertical wiring through a building and connections to external access provider networks.

Answer 8

Main distribution frame (MDF)

Question 9

Passive wiring panel providing a central termination point for cabling. An IDF is an optional layer of distribution frame hierarchy that cross-connects vertical backbone cabling to an MDF to horizontal wiring to wall ports on each floor of a building or each building of a campus network

Answer 9

Intermediate distribution frame (IDF)

Question 10

Storage solution for server and network equipment. Racks are designed to a standard width and height (measured in multiples of 1U or 1.75”). Racks offer better density, cooling and security than ordinary office furniture.

Answer 10

Rack

Question 11

Procedures and guidelines covering appropriate priorities, actions and responsibilities in the event of security incidents divided into preparation, detection/analysis, containment, eradication/recovery, and post-incident stages.

Answer 11

Incident response plan

Question 12

Documented and resources plan showing actions and responsibilities to be used in response to critical incidents

Answer 12

Disaster recovery plan (DRP)

Question 13

Collection of processes and resources that enable an organization to maintain normal business operations in the face of some adverse event.

Answer 13

Business continuity plan (BCP)

Question 14

Process of bringing in a new employee, contractor or supplier

Answer 14

Onboarding

Question 15

Process of ensuring that all HR and other requirements are covered when an employee leaves an organization. Also called an exit interview.

Answer 15

Offboarding

Question 16

Security policy that promotes user selection of strong passwords by specifying a minimum password length, requiring complex passwords, requiring periodic password changes and placing limits on reuse of passwords

Answer 16

Password policy

Question 17

Policy that governs employees’ use of company equipment and internet services. ISPs may also apply AUPs to their customers. Also called fair use policy.

Answer 17

Acceptable use policy (AUP)

Question 18

Software solution that detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.

Answer 18

Data loss prevention (DLP)

Question 19

Agreement that sets the service requirements and expectations between a consumer and a provider

Answer 19

Service level agreement (SLA)

Question 20

Agreement that stipulates that entities will not share confidential information, knowledge, or materials with unauthorized third parties

Answer 20

Non disclosure agreement (NDA)

Question 21

Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money.

Answer 21

Memorandum of understanding (MOU)

Question 22

Authentication mechanism that allows a user to present a smart card to operate an entry system

Answer 22

Badge reader

Question 23

Authentication mechanism that allows a user to perform a biometric scan to operate an entry or access system. Physical characteristics stored as a digital data template can be used to authenticate a user. Typical features used include facial pattern, iris, retina, fingerprint patter and signature recognition.

Answer 23

Biometric

Question 24

Secure entry system with two gateways, only one of which is open at any one time. Previously known as mantrap though this terminology is now deprecated.

Answer 24

Access control vestibule