Managing Risk

Question 1

process for how a company deals with bad things on the network(s)

Answer 1

risk management

Question 2

any written documente descibing how a company protects its IT infrastructure

Answer 2

security policy

Question 3

document that explains what is and is not acceptable to do on an organization’s computers; typically describes ownership, network access, privacy/consent to monitoring, and illegal use

Answer 3

acceptable use policy (AUP)

Question 4

document that explains who can access a company’s network, how they may access it, and what they may access on it

Answer 4

network access policy

Question 5

company document that describes how a company addresses the risk of data loss or theft

Answer 5

data loss prevention (DLP) policy

Question 6

provision of some security policies that restrict what hardware and software can be exported

Answer 6

international export controls

Question 7

rules on commercial software that determine whether (and where?) that software can be taken to other countries

Answer 7

licensing restrictions

Question 8

permission granted to data stored on a laptop or device to be taken to another country

Answer 8

export license

Question 9

group of people in an organization in charge of investigation, testing, and implementing/authorizing all but the smallest change in the organization

Answer 9

change management team

Question 10

process for approving a change request based on the details from a change request, management approval, and funding

Answer 10

approval process

Question 11

in the process of making an IT infrastructure change, this is the period of time for implementing and testing a desired change

Answer 11

maintenance window

Question 12

permission by the change management team for systems, departments, etc. to be down when implementing a change

Answer 12

authorize downtime

Question 13

final step of an IT change, it includes documenting all changes, such as network configurations, additions to the network, and physical location changes

Answer 13

change management documentation

Question 14

one system that, if it failes, will cause significant stoppage - bring down an entire process, workflow, or the entire organization

Answer 14

single point of failure

Question 15

something that is critical to the operation of a company, not necessarily IT

Answer 15

critical assett

Question 16

devices that are critical to a business’s operation, unique to IT

Answer 16

critical node

Question 17

the making of critical nodes to be constantly working without interruption or downtime

Answer 17

high availability (HA)

Question 18

a single IP address that is shared by multiple systems, allowing for failover

Answer 18

virtual IP

Question 19

open standard protocol that gangs multiple routers together into a single virtual router that uses one virtual IP address as the default gateway

Answer 19

Virtual Router Redundancy Protocol (VRRP)

Question 20

Cisco proprietary protocol that gangs multiple routers together to acts as one virtual router with one virtual IP address

Answer 20

Hot Standby Router Protocol (HSRP)

Question 21

the combining of multiple machines to work together and share operational work; not provided by VRRP and HSRP

Answer 21

load balancing

Question 22

having multiple pieces of equipment working together, connected, and presenting as one logical device

Answer 22

clustering

Question 23

document between a customer and a service provider defining the scope, quality, and terms of services to be provided; common for ISPs

Answer 23

service-level agreement (SLA)

Question 24

document that describes an agreement between two companies where a legal agreement would not be appropriate in certain situations; would define costs, contacts, logistics, etc., such as hospitals taking over another’s patients in event of a tornado

Answer 24

memorandum of understanding (MOU)

Question 25

document between two parties that describes the interoperability between their components, such as a GBIC manufacturer’s devices working with Cisco and Juniper switches

Answer 25

multi-source agreement (MSA)

Question 26

a legal contract between a vendor and client, detailing the services and products the vendor will supply and time frame to supply them; Ex. IT company and client; explains what vendor needs to do, with milestones of the completion of the work

Answer 26

statement of work (SOW)

Question 27

legal document that many employees and even potential employees might sign, where they agree not to disclose any company secrets to outside sources

Answer 27

nondisclosure agreement (NDA)

Question 28

a program that will inspect your network for a large number of potential vulnerabilities, then create a report for you to act upon

Answer 28

vulnerability scanner

Question 29

Microsoft vulnerability analyzer that tests one Windows machine for vulnerablities

Answer 29

Microsoft Baseline Security Analyzer (MBSA)

Question 30

a popular, Free, and well-maintained software tool that tests a network for vulnerabiliteies and has other tools

Answer 30

Nmap

Question 31

by Tenable Network Security, this is a more aggressive and powerful comprehensive test (vulnerability test); requires subscription

Answer 31

Nessus

Question 32

the use of a “white hat” friendly hacker to find vulnerabilities in a network and exploit them, then create a report for the purpose of hardening the network

Answer 32

penetration testing

Question 33

document about how to limit damage and recover quickly from an incident

Answer 33

contingency plan

Question 34

response to an incident that involves stopping, containing, and remediating the incident without outside resources; such team might have responsible for determining whether an incident qualifies, the level of severity, scope and cause, prevent further disruption, resolve the cause, restore affected systems, and ID ways to prevent a reoccurence

Answer 34

incident response

Question 35

response to an incident that cannot be contained and cuases significant damage or danger to the immediate infrastructure; team gets IT infrastructure up and running as soon as possible at primary locations and restores from backups they created

Answer 35

disaster recovery

Question 36

backs up every file, with the archive bit turned off for every file; standard

Answer 36

full backup

Question 37

backs up only files with the archive bit turned on, then turns off the bit for those files; takes up less storage, but takes longer to restore

Answer 37

incremental backup

Question 38

backs up all files changed since the last full backup - backs up files with the archive bit turned on and does not turn off the archive bit; uses up more space, but is faster as restoring

Answer 38

differential backup

Question 39

the state of the backup when data is recovered - how much data is lost

Answer 39

recovery point objective (RPO)

Question 40

the amount of time to restore full functionality from when an organization ceases of function

Answer 40

recovery time objective (RTO)

Question 41

factor describing an estimated time between one failure and the next failure of a hardware component by the manufacturer

Answer 41

mean time between failures (MTBF)

Question 42

factor describing an estimated time until a hardware component fails and will need to be replaced

Answer 42

mean time to failure (MTTF)

Question 43

factor describing the estimated amount of time it takes for a hardware component to recover from a failure

Answer 43

mean time to recovery (MTTR)

Question 44

response to an incident that enable an organization to function at a remote location when the primary inftrastructure is inoperational; must include backup sites

Answer 44

business continuity

Question 45

document or plan to fill a position in the event someone in a critical position is incapacitated or lost in an incident

Answer 45

succession planning

Question 46

document where one, such as the first responder, reports their findings from a computer crime, if any

Answer 46

forensics report

Question 47

process of an organization preserving and organizing data in anticipation of or in response to a legal issue

Answer 47

legal hold

Question 48

process of providing or requesting data (forensics reports and/or data from a device) in a legal way

Answer 48

electronic discovery (e-discovery)

Question 49

the existence of a voltage differential between two parts of a network

Answer 49

ground loop

Question 50

system that can detect fire, cut power to equipment, displace oxygen, activate sprinklers, and alert staff; needed for a server room (also need to get out any electrical spark, with this?)

Answer 50

fire suppression system