Managing Risk Flashcards
Which item should be found in a security policy?
Acceptable use policy
Emergency exit plan
Service level agreement
Acceptable use policy
An acceptable use policy is a typical item found in a security policy
Through what mechanism is a change to the IT structure initiated?
Users make a change to their environment, then report the result to the change management team.
A user requests funding for a change to upper management, then submits a requisition to the change management team to source and purchase new equipment.
Users submit a change request to the change management team.
Users submit a change request to the change management team.
Users submit a change request to the change management team to effect a change to an IT structure
Users need training from the IT department to understand which of the following?
How to troubleshoot lost network connections
How to secure workstations with screen-locking and password-security techniques
How to send e-mail to the change management team
How to secure workstations with screen-locking and password-security techniques
Typical user training includes how to secure workstations with screen-locking and password-security techniques
When is a memorandum of understanding used?
As part of a statement of work (SOW)
When a service level agreement (SLA) expires
When a legal contract is not appropriate
When a legal contract is not appropriate
A memorandum of understanding is used when a legal contract is not appropriate
The best way to know the vulnerabilities of an IT infrastructure is to run what?
Cable certifier
Critical asset scanner
Vulnerability scanner
Vulnerability scanner
Run a vulnerability scanner to find weaknesses in an IT infrastructure
What is succession planning?
Identifying personnel who can take over certain positions in response to an incident
The career path by which employees of an organization can grow through the ranks
The selection of failover servers in the event of a catastrophic server failure
Identifying personnel who can take over certain positions in response to an incident
Identifying personnel who can take over certain positions in response to an incident is essential in succession planning
During and after a change to the IT infrastructure, what must be done?
New equipment must be installed.
Operating systems must be patched.
The changes must be documented.
The changes must be documented.
When changing an IT infrastructure, always document the changes
What is the job of a first responder?
Investigate data on a computer suspected to contain crime evidence.
React to the notification of a computer crime.
Power off computers suspected of being used in criminal activity.
React to the notification of a computer crime.
A first responder reacts to the notification of a computer crime
When working inside equipment, what should Jane do?
Ensure that the equipment is secured to the rack with four screws.
Wear a properly connected anti-ESD wrist strap.
Have a fire extinguisher nearby and review its proper use.
Wear a properly connected anti-ESD wrist strap.
Jane should almost always wear a properly connected anti-ESD wrist strap when working inside equipment
The placement of a rack should optimize what?
Airflow
HVAC
MSDS
Airflow
Figure out the proper airflow when placing a rack