IS4550 CHAPTER 15 Flashcards

1
Q

A formal process that controls changes to systems. It ensures changes have minimal impact on operations and is called ___.

A

CHANGE MANAGEMENT

2
Q

A collection of activities that track system configuration. It starts with a baseline and continues through a system’s life cycle, including changing and monitoring, and is called ___.

A

CONFIGURATION MANAGEMENT (CM)

3
Q

A standard image mandated for use on all systems running Windows XP or Vista in any federal agency. This image locks down the operating system with specific security settings and is called ___.

A

FEDERAL DESKTOP CORE CONFIGURATION (FDCC)

4
Q

An automated management tool used in Microsoft domains. Administrators can configure a setting one time and it will apply to multiple users and computers. It is called ___.

A

GROUP POLICY

5
Q

A technology used to create baselines of systems. It is captured from a source computer and can then be deployed to other systems. Images include the operating system, applications, configuration settings, and security settings. It is called ___.

A

IMAGING

6
Q

A group of specifications that standardize how security software products measure, evaluate, and report compliance is called ___.

A

SECURITY CONTENT AUTOMATION PROTOCOL (SCAP)

7
Q

A protocol used to query and manage network devices. V1 had known vulnerabilities such as transmitting the community name in clear text. V2 and V3 improved security and performance. It is called ___.

A

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

8
Q

A set of standards and technologies used to query and manage systems and applications in a network. It is used on the Internet and on internal networks and is called ___.

A

WEB-BASED ENTERPRISE MANAGEMENT (WBEM)

9
Q

Microsoft’s implementation of WBEM. It is a specification defining how to query and manage Microsoft clients and servers and is called ___.

A

WINDOWS MANAGEMENT INSTRUMENTATION (WMI)

10
Q

A ___ is a starting point or standard. Within IT, it provides a standard focused on a specific technology used within an organization.

A

Baseline

11
Q

An operating system and different applications are installed on a system. The system is then locked down with various settings. You want the same operating system, applications, and settings deployed to 50 other computers. What is the easiest way?

  1. Scripting
  2. Imaging
  3. Manually
  4. Spread the work among different departments

A

Imaging

12
Q

After a set of security settings has been applied to a system, there is no need to recheck these settings on the system.

TRUE OR FALSE

A

FALSE

13
Q

The time between when a new vulnerability is discovered and when software developers start writing a patch is known as a ___.

A

Vulnerability window or security gap

14
Q

Your organization wants to automate the distribution of security policy settings. What should be considered?

  1. Training of administrators
  2. Organizational acceptance
  3. Testing for effectiveness
  4. All the above

A

Training of administrators
Organizational acceptance
Testing for effectiveness

15
Q

Several tools are available to automate the deployment of security policy settings. Some tools can deploy baseline settings. Other tools can deploy changes in security policy settings.

TRUE OR FALSE

A

TRUE

16
Q

An organization uses a decentralized IT model with a central IT department for core services and security. The organization wants to ensure that each department is complying with primary security requirements. What can be used to verify compliance?

  1. Group policy
  2. Centralized change management policies
  3. Centralized configuration management policies
  4. Random audits

A

Random audits

17
Q

Change requests are tracked in a control work order database. Approved changes are also recorded in a CMDB.

TRUE OR FALSE

A

TRUE

18
Q

An organization wants to maintain a database of system settings. The database should include the original system settings and any changes. What should be implemented within the organization?

  1. Change management
  2. Configuration management
  3. Full ITIL life cycle support
  4. Security Content Automation Protocol

A

Configuration management

19
Q

An organization wants to reduce the possibility of outages when changes are implemented on the network. What should the organization use?

  1. Change management
  2. Configuration management
  3. Configuration management database
  4. Simple Network Management Protocol

A

Change management

20
Q

Which NIST standard was developed for different scanning and vulnerability assessment tools, and comprises six specifications including XCCDF?

  1. SNMP
  2. WBEM
  3. SCAP
  4. WMI

A

SCAP

21
Q

Microsoft created the Web-Based Enterprise Management (WBEM) technologies for Microsoft products.

TRUE OR FALSE

A

FALSE

22
Q

Which of the following specifications is used exclusively in Microsoft products to query and configure systems in the network?

  1. WMI
  2. WBEM
  3. SNMP
  4. SCAP

A

WMI

23
Q

Which of the following is used to manage and query network devices such as routers and switches?

  1. WMI
  2. WBEM
  3. SNMP
  4. SCAP

A

SNMP

24
Q

A ___ can be used with a downloaded file. It offers verification that the file was provided by a specific entity. It also verifies the file has not been modified.

A

Digital signature