ISC4 Flashcards
Last chance at the ISC exam
Based on the content of the COBIT 2019 governance and management objectives, which domain do the following describe?
·Focuses on integrating IT solutions into business processes.
·Manages capacity, organizational changes, and IT assets.
COBIT 2019 - Build, Acquire, and Implement (BAI)
Managed knowledge (BAI08), managed organizational change (BAI05), and managed availability and capacity (BAI04)
Memory key: changes
Based on the content of the COBIT 2019 governance and management objectives, which domain do the following describe?
·Focuses on IT service delivery, security, and support.
·Directly related to managing security services and ensuring continuity.
COBIT 2019 - Deliver, Service, and Support (DSS)
Covers IT security (DSS05), business process controls (DSS06), and business continuity (DSS04).
Based on the content of the COBIT 2019 governance and management objectives, which domain do the following describe?
·Focuses on evaluating IT performance and ensuring alignment with targets.
·Involves internal control management but does NOT specifically address IT security, business process controls, or business continuity.
COBIT 2019 - Monitor, Evaluate, and Assess (MEA)
MEA covers managed performance and conformance monitoring (MEA01), managed system of internal control (MEA02), managed compliance with external requirements (MEA03), and managed assurance (MEA04).
Based on the content of the COBIT 2019 governance and management objectives, which domain do the following describe?
·Focuses on IT strategy, governance, and planning.
·Supports core functions like HR, budgeting, and risk management.
Does NOT directly cover IT security, business process controls, or business continuity.
COBIT 2019 - Align, Plan, and Organize (APO)
Memory key: planning
Based on the content of the COBIT 2019 governance and management objectives, which domain do the following describe?
ensured stakeholder management, ensured resource optimization, and ensured benefits delivery
COBIT 2019 - Evaluate, Direct, and Monitor (EDM)
Ensured governance framework setting and maintenance, ensured benefits delivery, ensured risk optimization, ensured resource optimization, and ensured stakeholder engagement.
Memory key: stakeholder
Inherited controls (NIST SP 800-53 calls these common controls)
Controls implemented at the organizational level and adopted/inherited by information systems.
Inherited controls are implemented once at the organizational level and then adopted, or inherited, by individual information systems. Because they apply across many systems in the organization, each system does not have to implement the same control on its own; it inherits the organization-level control.
Example:
Security policy: the organization implements one network security policy company-wide that every IT system must follow. Individual systems do not write their own security policy; they inherit the organization-level control.
Baseline controls
Baseline controls are the minimum set of controls required for conformance with a control family. A baseline control does not enhance an existing control; that is the role of a control enhancement.
Baseline controls are the basic measures a system must have so that its security reaches the minimum standard for the control family (a group of related security controls). They do not strengthen controls that are already in place.
Example:
Access control: the organization requires every system to protect user accounts with at least a password. That is a baseline control: a basic measure that brings each system's access control up to the minimum standard. It does not go further; requiring multi-factor authentication on top of it would be a control enhancement.
Which CIS Control?
Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.
Control 01: Inventory and Control of Enterprise Assets
Actively manage (inventory, track, and correct) all enterprise assets, physical and virtual, so that the organization knows exactly what it must monitor and protect, and can identify unauthorized or unmanaged assets to remove or remediate.
Which CIS Control?
Actively manage (inventory, track, and correct) all software (operating systems and applications) on the network so that only authorized software is installed and can execute, and that unauthorized and unmanaged software is found and prevented from installation or execution.
Control 02: Inventory and Control of Software Assets
Focuses on managing and controlling software so that only authorized software can be installed and executed.
Which CIS Control?
Develop processes and technical controls to identify, classify, securely handle, retain, and dispose of data.
Control 03: Data Protection
Covers the processes and technical controls for identifying, classifying, securely handling, retaining, and disposing of data.
Which CIS Control?
Establish and maintain the secure configuration of both software and assets within the enterprise
Control 04: Secure Configuration of Enterprise Assets and Software
Establishing and maintaining the secure configuration of enterprise assets and software, including end-user devices, network devices, IoT devices, and servers.
Which CIS Control?
Use processes and tools to assign and manage authorization to credentials for user accounts, including administrator accounts, as well as service accounts, to enterprise assets and software.
Control 05: Account Management
Focuses on the accounts themselves and the authorization bound to them (what a user may do after authenticating): keeping an inventory of user, administrator, and service accounts, using unique passwords, disabling dormant accounts, and restricting administrator privileges to dedicated administrator accounts.
Which CIS Control?
Use processes and tools to create, assign, manage, and revoke access credentials and privileges for user, administrator, and service accounts for enterprise assets and software.
Control 06: Access Control Management
Focuses on the process of granting and revoking access: an access-granting and access-revoking process, multi-factor authentication, and role-based access for user, administrator, and service accounts on enterprise assets and software.
Distinguish from Control 05: Control 05 manages the accounts; Control 06 manages the credentials and privileges those accounts are given.
Which CIS Control?
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate and minimize the window of opportunity for attackers. Monitor public and private industry sources for new threat and vulnerability information.
Control 07: Continuous Vulnerability Management
Develop a plan to continuously assess and track vulnerabilities on all enterprise assets to shrink the attacker's window of opportunity, and monitor industry sources for new threat and vulnerability information.
Which CIS Control?
Collect, alert, review, and retain audit logs of events that could help detect, understand, or recover from an attack.
Control 08: Audit Log Management
Focuses on collecting, alerting on, reviewing, and retaining audit logs so that attacks can be detected, understood, and recovered from.
Which CIS Control?
Improve protections and detections of threats from email and web vectors, as these are opportunities for attackers to manipulate human behavior through direct engagement.
Control 09: Email and Web Browser Protections
Email and web browsers are the channels through which attackers reach people directly and manipulate their behaviour (phishing, malicious links and downloads), so protection and detection on those vectors is improved.
Which CIS Control?
Prevent or control the installation, spread, and execution of malicious applications, code, or scripts on enterprise assets.
Control 10: Malware Defenses
Which CIS Control?
Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.
Control 11: Data Recovery
Key safeguards: protecting recovery data and performing automated backups.
Which CIS Control?
Establish, implement, and actively manage (track, report, correct) network devices in order to prevent attackers from exploiting vulnerable network services and access points.
Control 12: Network Infrastructure Management
Includes securely managing the network infrastructure, keeping network components up to date, and establishing and maintaining a secure network architecture.
Control 12 stresses the proactive management and configuration of network devices so that attackers cannot exploit weaknesses in the infrastructure (preventive: before anything has happened).
Which CIS Control?
Operate processes and tooling to establish and maintain comprehensive network monitoring and defense against security threats across the enterprise’s network infrastructure and user base.
Collecting network traffic flow logs, managing access controls for remote assets, and centralizing security event alerting.
Control 13: Network Monitoring and Defense
Includes collecting network traffic flow logs, managing access control for remote assets, and centralizing security event alerting.
Control 13 stresses monitoring and defense, so that threats already under way are detected and handled promptly (detective and corrective: after something has happened).
Which CIS Control?
Establishing and maintaining a security awareness program, training workforce members to recognize social engineering attacks, and training workforce members on authentication best practices.
Control 14: Security Awareness and Skills Training
Covers building and maintaining a security awareness program, training the workforce to recognize social engineering, and training on authentication best practices.
Which CIS Control?
Develop a process to evaluate service providers who hold sensitive data or are responsible for an enterprise’s critical IT platforms or processes, to ensure these providers are protecting those platforms and data appropriately.
Control 15: Service Provider Management
Establish a process to evaluate service providers that hold sensitive data or run the enterprise's critical IT platforms or processes, and confirm that they protect those platforms and data appropriately.
Which CIS Control?
Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.
Control 16: Application Software Security
Manages the security life cycle of in-house developed, hosted, or acquired software so that weaknesses are prevented, detected, and remediated before they affect the enterprise.
Which CIS Control?
Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
Control 17: Incident Response Management
Covers building and maintaining an incident response capability (policies, plans, procedures, defined roles, training, and communications) to prepare for, detect, and respond quickly to an attack.
Which CIS Control?
Test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls (people, processes, and technology), and simulating the objectives and actions of an attacker.
Control 18: Penetration Testing
Penetration testing
Tests the effectiveness and resilience of enterprise assets by identifying and exploiting weaknesses in controls (people, processes, and technology) and simulating an attacker's objectives and actions.
Memory key: simulate an attack
NIST Privacy Framework Core Functions
Which Privacy Framework core function best matches the following description?
Inventory and Mapping, Business Environment, Risk Assessment, and Data Processing Ecosystem Risk Management
Identify-P (ID-P): Develop the organizational understanding to manage privacy risk for individuals arising from data processing. (The Cybersecurity Framework counterpart, Identify, is worded in terms of managing cybersecurity risk to systems, people, assets, data, and capabilities.)
-----
Memory key: identify - mapping
NIST Privacy Framework Core Functions
Which Privacy Framework core function best matches the following description?
Risk Management Strategy, Awareness and Training, and Monitoring and Review
Govern-P (GV-P)
In the NIST Privacy Framework, the Govern-P function has four categories:
1. Governance Policies, Processes, and Procedures;
2. Risk Management Strategy;
3. Awareness and Training;
4. Monitoring and Review.
Memory key:
govern - strategy
Which Privacy Framework core function best matches the following description?
Data Protection Policies, Processes, and Procedures; Identity Management, Authentication, and Access Control; Data Security; Maintenance; and Protective Technology
Protect-P (PR-P): Develop and implement appropriate data processing safeguards. (The Cybersecurity Framework's Protect function is worded as "develop and implement safeguards to ensure delivery of critical services.")
Identity Management, Authentication, and Access Control, Data Security, Maintenance, and Protective Technology all concern protecting personal data from unauthorized access, disclosure, or damage. (Awareness and Training, which sits under Protect in the Cybersecurity Framework, is a Govern-P category in the Privacy Framework.)
Contrast with Monitoring and Review, which looks at what has already happened rather than at prevention and protection.
Memory key:
protect - Data Security
Which NIST core function best matches the following description? (Detect, Respond, and Recover are Cybersecurity Framework functions; the Privacy Framework's own functions are Identify-P, Govern-P, Control-P, Communicate-P, and Protect-P, and it refers to the Cybersecurity Framework for these three.)
Anomalies and Events, Security Continuous Monitoring, and Detection Processes
Detect (DE): Implement activities to identify the occurrence of a cybersecurity event.
Memory key:
detect - event
Which NIST Cybersecurity Framework core function best matches the following description?
Response Planning, Communications, Analysis, Mitigation, and Improvements categories.
Respond (RS): Take action regarding a detected cybersecurity incident.
Memory key:
respond
Which NIST Cybersecurity Framework core function best matches the following description?
Recovery Planning, Improvements, and Communications.
Recover (RC): Maintain plans for resilience and restore capabilities or services impaired due to a cybersecurity incident.
Memory key:
recover
Which Privacy Framework core function best matches the following description?
Data Processing Policies, Processes, and Procedures; Data Processing Management; and Disassociated Processing.
Control-P (CT-P): Develop and implement appropriate activities to enable organizations or individuals to manage data with sufficient granularity to manage privacy risks.
The Control-P function has three categories: Data Processing Policies, Processes, and Procedures; Data Processing Management; and Disassociated Processing.
以下屬於哪個NIST框架实施层级
When incident management not integrated into organizational processes and is often ad hoc
Tier 1 (partial) implementation tier.
當事件管理並未整合至組織流程中,而且往往是臨時性質時
以下屬於哪個NIST框架实施层级
Risk management practices are approved by management but might not be established as organizational-wide policy.
Tier 2 (risk informed)
第 2 層 (風險資訊) 的實施涉及組織其他成員的網路安全意識,但不涉及安全管理。
以下屬於哪個NIST框架实施层级
an organizational risk approach to cybersecurity where it is integrated into planning and regularly communicated among senior leadership
Tier 3 (repeatable)
第 3 級 (可重複) 實作涉及組織網路安全風險方法,將其納入規劃中,並定期在高階領導層之間溝通。
以下屬於哪個NIST框架实施层级
prioritization of managing cyber risks similar to other forms of organizational risks
Tier 4 (adaptive)
第 4 層 (適應性) 實作涉及管理網路風險的優先順序,類似於其他形式的組織風險。
the function is belong to which transaction cycle?
Pays employees, records payroll, reports to managers.
Human Resources and Payroll
Which transaction cycle does this function belong to?
Records sales transactions, remits payments from customers, and interacts with external entities like banks.
Revenue and Cash Collections
Which transaction cycle does this function belong to?
Records transactions, investment activity, and cash-related activities.
General Ledger and Reporting
Investment earnings are not the company's primary source of revenue, so they are recorded through the general ledger and reporting cycle rather than the revenue cycle.
Which transaction cycle does this function belong to?
Manages cash flow, processes loan payments, and handles investments.
Treasury
Note:
Loan payments (repaying the company's own debt) = treasury.
Approving or denying a customer's credit (loan) based on their credit history belongs to the sales and cash collection cycle, because its purpose is the collection of accounts receivable.
Which transaction cycle does this function belong to?
Records inventory and fixed assets, manages production orders and invoices.
Production and Fixed Assets
Which transaction cycle does this function belong to?
Submits purchase orders, handles payments to vendors, and manages procurement.
Purchasing and Disbursement
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Exercises Board Risk Oversight
Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Establishes Operating Structures
Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Defines Desired Culture
Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Demonstrates Commitment to Core Values
Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Attracts, Develops, and Retains Capable Individuals
Governance & Culture
1. Exercises Board Risk Oversight
2. Establishes Operating Structures
3. Defines Desired Culture
4. Demonstrates Commitment to Core Values
5. Attracts, Develops, and Retains Capable Individuals
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Analyzes Business Context
Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Defines Risk Appetite
Strategy & Objective-Setting
6. Analyzes Business Context: when setting strategy and objectives, the organization considers its internal and external business environment (market changes, competition, regulation), which helps it understand risks and opportunities.
7. Defines Risk Appetite: the organization states the types and amount of risk it is willing to accept, so that risk management stays aligned with its strategic direction.
8. Evaluates Alternative Strategies: the organization evaluates several candidate strategies within the risk management framework, considering how each affects risk and return.
9. Formulates Business Objectives: once the strategy is set, the organization establishes specific business objectives that advance the strategy while taking risk into account.
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Evaluates Alternative Strategies
Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Formulates Business Objectives
Strategy & Objective-Setting
6. Analyzes Business Context
7. Defines Risk Appetite
8. Evaluates Alternative Strategies
9. Formulates Business Objectives
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Identifies Risk
Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Assesses Severity of Risk
Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Prioritizes Risks
Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Implements Risk Responses
Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses (the word "implements" signals execution, so it belongs to Performance)
14. Develops Portfolio View
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Develops Portfolio View
Performance
10. Identifies Risk
11. Assesses Severity of Risk
12. Prioritizes Risks
13. Implements Risk Responses
14. Develops Portfolio View
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Assesses Substantial Change
Review & Revision
15. Assesses Substantial Change
16. Reviews Risk and Performance
17. Pursues Improvement in Enterprise Risk Management
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Reviews Risk and Performance
Review & Revision
15. Assesses Substantial Change
16. Reviews Risk and Performance
17. Pursues Improvement in Enterprise Risk Management
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Pursues Improvement in Enterprise Risk Management
Review & Revision
15. Assesses Substantial Change
16. Reviews Risk and Performance
17. Pursues Improvement in Enterprise Risk Management (improvement -> revision)
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Leverages Information and Technology
Information, Communication, & Reporting
18. Leverages Information and Technology (makes good use of information and technology)
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Communicates Risk Information
Information, Communication, & Reporting
18. Leverages Information and Technology
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance
Which component of the COSO Enterprise Risk Management (ERM) framework does the following principle belong to?
Reports on Risk, Culture, and Performance
Information, Communication, & Reporting
18. Leverages Information and Technology
19. Communicates Risk Information
20. Reports on Risk, Culture, and Performance
Which cloud service model is it when application design, tools, and data are provided by the cloud service provider?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
SaaS.
In IaaS and PaaS, the application layer is managed by the organization.
Which cloud service model is it when the runtime environment (uptime) is provided by the organization?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
IaaS (Infrastructure as a Service)
In PaaS and SaaS it is provided by the third-party cloud service provider.
Which cloud service model is it when virtual machine management is handled by the organization?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
IaaS (Infrastructure as a Service)
In PaaS and SaaS it is handled by the third-party cloud service provider.
(Caveat: in the usual shared-responsibility model the hypervisor/virtualization layer belongs to the provider in all three models; what the customer manages in IaaS is its guest virtual machines, from the operating system upward.)
Which cloud service model is it when firewalls and cybersecurity are provided by the organization?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
IaaS (Infrastructure as a Service)
In PaaS and SaaS they are provided by the third-party cloud service provider. (In IaaS the customer configures host firewalls and OS-level security on its own instances; the provider still secures the physical and virtualization layers.)
Which cloud service model is it when operating systems are provided by the organization?
IaaS (Infrastructure as a Service)
PaaS (Platform as a Service)
SaaS (Software as a Service)
IaaS (Infrastructure as a Service)
In PaaS and SaaS they are provided by the third-party cloud service provider.
Divides one connection into multiple connections.
A piece of hardware that connects devices and networks by relaying a signal or splitting that signal into multiple paths.
switch
(This wording appears as one answer option in a multiple-choice question. Strictly, a hub repeats the signal to every port; a switch forwards each frame only to the port learned for its destination MAC address.)
A device that directs traffic in a network along the most efficient path and can assign IP addresses (via DHCP).
router
Memory key: when you see "traffic", pick router (roads).
a hardware or a software solution that protects an organization’s network by filtering the data and analyzing it for potential threats
firewall
Devices that have a primary function of enabling other machines in a network to share an IP address so that identities may be hidden are referred to as:
Network address translation firewalls.
A network address translation (NAT) firewall lets machines on a private network share a single public address, masking their real private addresses from the outside.
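An added example (not part of the original flashcards) of what the NAT firewall card describes: a minimal port address translation (NAT overload) table. Two private hosts reach the same web server through one public address, replies are mapped back to the right host, and inbound packets with no matching mapping are dropped, which is why the private addresses stay hidden. The class name, the addresses and the ports are constructed sample values, not from any real device.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Addresses and ports of one packet; all values are constructed samples."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# (private_ip, private_port, remote_ip, remote_port)
FlowKey = Tuple[str, int, str, int]


class NatFirewall:
    """Hypothetical NAT/PAT device: many private hosts behind one public IP.

    Outbound: rewrite the private source to the public IP plus an allocated
    port and remember the mapping.  Inbound: only a packet that matches a
    remembered mapping, from the same remote endpoint, is rewritten back to
    the private host; everything else is dropped.  The dropping is what gives
    a NAT device its basic firewall behaviour.
    """

    def __init__(self, public_ip: str, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self._next_port = first_port
        self._by_flow: Dict[FlowKey, int] = {}
        self._by_public_port: Dict[int, FlowKey] = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        key: FlowKey = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        public_port = self._by_flow.get(key)
        if public_port is None:
            public_port = self._next_port  # allocate a fresh public port
            self._next_port += 1
            self._by_flow[key] = public_port
            self._by_public_port[public_port] = key
        return Packet(self.public_ip, public_port, pkt.dst_ip, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self._by_public_port.get(pkt.dst_port)
        if entry is None:
            return None  # no mapping: unsolicited traffic is dropped
        private_ip, private_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different remote endpoint
        return Packet(pkt.src_ip, pkt.src_port, private_ip, private_port)

    def active_mappings(self) -> int:
        return len(self._by_flow)


def demo() -> dict:
    """Two private hosts, same private source port, one public address."""
    nat = NatFirewall("203.0.113.10")
    web = ("198.51.100.7", 443)
    a_out = nat.translate_outbound(Packet("192.168.1.20", 51000, *web))
    b_out = nat.translate_outbound(Packet("192.168.1.21", 51000, *web))
    # Reply from the web server to host A's mapped public port.
    reply_a = nat.translate_inbound(Packet(web[0], web[1], "203.0.113.10", a_out.src_port))
    # An outsider probing the same public port: no matching remote endpoint.
    probe = nat.translate_inbound(Packet("192.0.2.99", 4444, "203.0.113.10", a_out.src_port))
    # An outsider scanning an unmapped port: no mapping at all.
    scan = nat.translate_inbound(Packet("192.0.2.99", 4444, "203.0.113.10", 22))
    return {
        "a_out": a_out, "b_out": b_out, "reply_a": reply_a,
        "probe": probe, "scan": scan, "mappings": nat.active_mappings(),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both hosts leave with source 203.0.113.10, on different public ports even though they used the same private port; the server never sees 192.168.1.x. A real NAT also ages mappings out and tracks TCP state, which this table omits.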
A piece of hardware that connects devices within a network by reading and converting protocols so that traffic can be transmitted across those devices
An intermediary among different networks.
Gateway
machines or software that provide services or share data with other machines on a network, known as clients.
coordinate programs, data, and other computers so that the network can operate.
Servers
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 1
Physical layer (Layer 1):
Function: the physical connection between network devices (cables, fiber, radio); transmits and receives the raw bit stream.
Examples: network adapters, hubs, copper cabling, fiber, wireless signals.
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 2
Data link layer (Layer 2):
Function: encapsulates data into frames and handles error detection (and, in some protocols, correction); provides reliable transmission within a local area network (LAN).
Examples: switches, bridges, MAC addresses.
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 3
Network layer (Layer 3):
Function: routing and forwarding of packets; handles logical addressing (IP addresses) and chooses the path a packet takes.
Examples: routers, IP addresses, ICMP.
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 4
Transport layer (Layer 4):
Function: end-to-end communication between hosts, including flow control, data integrity, and error recovery; gets data from the source host to the destination host.
Examples: Transmission Control Protocol (TCP), User Datagram Protocol (UDP). (TCP provides the flow control and recovery; UDP is connectionless and offers none of those guarantees.)
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 5
Session layer (Layer 5):
Function: establishes, manages, and terminates sessions or connections between applications.
Examples: session protocols such as NetBIOS and RPC.
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 6
Presentation layer (Layer 6):
Function: data representation and formatting, including encryption/decryption and compression; ensures that application-layer data is in a format the receiving side can understand.
Examples: encryption protocols (SSL/TLS, as exam material usually places them), data formats such as JPEG and MPEG.
The OSI model (Open Systems Interconnection) divides network communication into seven layers, from the physical layer to the application layer, each responsible for different network functions.
Layer 7
Application layer (Layer 7):
Function: interacts directly with user applications, providing network services and application interfaces; defines the protocols and data formats applications use to communicate.
Examples: HTTP, FTP, SMTP, DNS.
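An added example (not part of the original flashcards) that makes the layer cards concrete: a constructed Ethernet II / IPv4 / TCP frame is built and then decoded one layer at a time, so the reader can see which bytes carry the layer 2 MAC addresses, the layer 3 IP addresses, and the layer 4 ports, with the layer 3 header checksum verified along the way. The MAC addresses, IP addresses, ports and payload are sample values chosen for this example.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN = 0x02


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; returns 0 for a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(payload: bytes) -> bytes:
    """Constructed sample frame: Ethernet II / IPv4 / TCP SYN to port 443."""
    # Layer 4: 20-byte TCP header, data offset 5 words, SYN flag set.
    tcp = struct.pack("!HHIIBBHHH", 51234, 443, 1, 0, 5 << 4, TCP_SYN, 65535, 0, 0)
    # Layer 3: IPv4 header packed with checksum 0, then the checksum filled in.
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0xABCD, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([192, 168, 1, 20]), bytes([203, 0, 113, 5]))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Layer 2: Ethernet II header (destination MAC, source MAC, EtherType).
    eth = (bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> dict:
    """Peel the frame one OSI layer at a time, validating each header."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])      # layer 2
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported EtherType 0x{ethertype:04x}")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl,
     proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])      # layer 3
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")
    tcp = ip[ihl:total_len]
    (sport, dport, seq, _ack, off_res, flags,
     _win, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])            # layer 4
    data_off = (off_res >> 4) * 4
    return {
        "layer2": {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac),
                   "ethertype": ethertype},
        "layer3": {"src_ip": ip_str(src), "dst_ip": ip_str(dst), "ttl": ttl,
                   "protocol": proto},
        "layer4": {"src_port": sport, "dst_port": dport, "seq": seq,
                   "syn": bool(flags & TCP_SYN)},
        # Layers 5-7 live in here (on port 443 this would be a TLS ClientHello).
        "payload": tcp[data_off:],
    }


def is_valid_frame(frame: bytes) -> bool:
    """True if the frame decodes cleanly (used to show a tampered header is rejected)."""
    try:
        parse_frame(frame)
        return True
    except (ValueError, struct.error):
        return False


if __name__ == "__main__":
    info = parse_frame(build_frame(b"hello"))
    for layer, fields in info.items():
        print(layer, fields)
```

Flipping a single byte in the IP header (say the TTL at frame offset 22) makes the checksum fail and the parser rejects the frame, which is the layer 3 integrity check that a switch (layer 2) never performs and a router (layer 3) does.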
The waterfall method is best described as a way to:
A. Increase productivity so that engineers will be engaged at every point in the process.
B. Focus on testing and change review.
C. Shorten the time it takes to collect customer input to enhance design features in the new software.
D. Realize the benefits of the new system at each stage of completion.
Answer: B
Key characteristics of the waterfall method:
- Linear workflow: phases run in sequence; each phase starts only after the previous one is complete.
- Clearly defined phases: requirements, design, implementation, testing, deployment, change review, and maintenance.
- Change is difficult: changes are hard to make once later phases are under way.
- No ongoing customer involvement: continuous customer feedback is not part of the process.
- Delayed benefits: the system's benefits are realized only when the whole project is finished.
Explanation:
deployment
Deployment is the process of making the system available to its intended users and other programs. Deployment does not involve setting system parameters to meet the company's needs; it takes place after configuration has been completed and fully tested.
Setting system parameters to meet a company's needs during an enterprise resource planning system implementation is known as:
Configuration: modifying the default system parameters to meet the company's needs. Configuration should follow the implementation roadmap and the approved system changes.
Simplified Question:
A CPA is working with an IT administrator to ensure the company can quickly recover from a system incident. The IT administrator’s focus on rapid recovery best describes which concept?
Options:
A. Business resiliency
B. Crisis management
C. Incident response
D. Availability controls
Business resiliency:
- Scope: the continuity of business operations as a whole, not a single event. Business resiliency is about how the enterprise keeps operating and returns quickly to normal in the face of any threat or disruption (system failures, disasters, other interruptions).
- Goal: robust systems and processes so that core operations recover quickly even after a disaster, and that recovery capability is sustained over time.
- Focus: overall business continuity and recoverability, including identifying threats and building response plans.
Incident response:
- Scope: narrower; the response to and recovery from a specific event. Its purpose is to take concrete steps after an event to contain and resolve it and return systems to normal operation.
- Goal: after a specific security event (a cyberattack, a power outage, a natural disaster), respond quickly and minimize the damage.
- Focus: the handling process for that specific event and restoring the system or business function, rather than the continuity of the business as a whole.
A business impact analysis (BIA) generally has the following steps:
1) establish the BIA approach,
2) identify critical resources,
3) define disruption impacts,
4) ____,
5) ____,
6) create the BIA report, and
7) implement BIA recommendations.
4) estimate losses,
5) establish recovery priorities: determining the optimal maximum tolerable downtime (MTD) and the mean time to repair (MTTR)
Which database feature does the following describe?
Summarizes information about the data in a database to make it easier to work with the data and understand how it can be used.
data dictionary / metadata
Summarizing and explaining the data is the job of the data dictionary, or metadata: data about the data that helps users understand how it can be used.
Which database feature does the following describe?
Assists with the goal that all data required for a business process is included within the data set.
relational database
A relational database uses normalization to ensure that all the data needed for a business process is contained in the data set, held once and linked by keys.
The four benefits of relational databases are:
1. completeness,
2. no redundancy,
3. business rules enforcement,
4. communication and integration of business processes.
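An added example (not part of the original flashcards) showing the four benefits on a real, if tiny, normalized schema using Python's built-in sqlite3: a `customer` table and a `sales_order` table linked by a foreign key. Completeness comes from the join (the customer's name is never copied into each order row), redundancy is blocked by a UNIQUE constraint, and business rules are enforced by FOREIGN KEY and CHECK constraints that reject bad rows at the database rather than relying on application code. The table names, columns, and rows are constructed for this example.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample schema: a normalized customer / sales_order pair.
SCHEMA = """
CREATE TABLE customer (
    customer_id  INTEGER PRIMARY KEY,
    name         TEXT NOT NULL,
    email        TEXT NOT NULL UNIQUE,                  -- no duplicate customer records
    credit_limit REAL NOT NULL CHECK (credit_limit >= 0)
);
CREATE TABLE sales_order (
    order_id     INTEGER PRIMARY KEY,
    customer_id  INTEGER NOT NULL REFERENCES customer(customer_id),  -- every order has a real customer
    amount       REAL NOT NULL CHECK (amount > 0),
    status       TEXT NOT NULL CHECK (status IN ('OPEN', 'SHIPPED', 'PAID'))
);
"""


def open_db() -> sqlite3.Connection:
    """In-memory database with the schema and a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when this is on
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)", [
        (1, "Acme Ltd", "ap@acme.example", 5000.0),
        (2, "Globex", "ap@globex.example", 2000.0),
    ])
    conn.executemany("INSERT INTO sales_order VALUES (?, ?, ?, ?)", [
        (100, 1, 1200.0, "OPEN"),
        (101, 1, 300.0, "PAID"),
        (102, 2, 750.0, "SHIPPED"),
    ])
    conn.commit()
    return conn


def attempt(conn: sqlite3.Connection, sql: str, params: tuple) -> str:
    """Run one statement; report 'ok' or the constraint that rejected it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"


def open_receivables(conn: sqlite3.Connection) -> List[Tuple[str, float]]:
    """Completeness: one join answers the business question; the customer
    name is stored once and never duplicated into order rows."""
    rows = conn.execute(
        """SELECT c.name, SUM(o.amount)
           FROM sales_order AS o
           JOIN customer AS c ON c.customer_id = o.customer_id
           WHERE o.status <> 'PAID'
           GROUP BY c.customer_id
           ORDER BY c.name"""
    ).fetchall()
    return [(name, float(total)) for name, total in rows]


def demo() -> dict:
    conn = open_db()
    return {
        # business rule: an order must belong to an existing customer
        "orphan_order": attempt(conn, "INSERT INTO sales_order VALUES (?, ?, ?, ?)",
                                (103, 99, 10.0, "OPEN")),
        # no redundancy: the same customer cannot be entered twice
        "duplicate_customer": attempt(conn, "INSERT INTO customer VALUES (?, ?, ?, ?)",
                                      (3, "Acme Ltd", "ap@acme.example", 100.0)),
        # business rule: order amounts are positive
        "negative_amount": attempt(conn, "INSERT INTO sales_order VALUES (?, ?, ?, ?)",
                                   (104, 2, -5.0, "OPEN")),
        # business rule: status comes from a fixed list
        "bad_status": attempt(conn, "UPDATE sales_order SET status = ? WHERE order_id = ?",
                              ("LOST", 100)),
        "receivables": open_receivables(conn),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Every rejected statement is rolled back, so the receivables query still reflects only the three valid orders. Parameterized queries (`?` placeholders) are used throughout; they are also what keeps this code free of SQL injection.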