N2K - Flash Cards - General Security Concepts - Explain the importance of change management processes and the impact to security

1
Q

What is the term for a time period in which a system will be unavailable due to servicing?

A

Maintenance Window

2
Q

Which business process impacts security operations by ensuring that proposed changes undergo thorough review and authorization before implementation?

A

The approval process of formal change management

3
Q

What is the primary concern of the BIA?

A

Business Impact Analysis (BIA) identifies all business resources that could be lost

4
Q

Allow lists, deny lists, restricted activities, service restart, application restart and legacy applications are examples of what kind of impacts to security in the change management process?

A

Technical Implications

5
Q

What is it called when a system is offline and/or unavailable to perform services?

A

Downtime

6
Q

Which technical implication impacts change management security operations by stopping and starting specific processes to enforce security policies or apply updates?

A

Service Restart

7
Q

What is the term for a plan for reversing changes made during an unsuccessful update to IT operations?

A

A rollback or backout plan

8
Q

What is a dependency vulnerability?

A

Vulnerabilities caused by dependencies on insecure code found in shared or public code repositories.

9
Q

Which step must be completed before a change request can be sent for approval or denial, according to CompTIA?

A

Determining the correct decision-makers for the change

10
Q

Which two entities are responsible for the majority of project changes?

A

Stakeholders (including the project sponsor) and team members

11
Q

Which business process impacts security operations by providing critical feedback on the effectiveness and integrity of proposed changes?

A

Test Results

12
Q

Which technical implication impacts change management security operations by limiting or prohibiting certain actions or behaviors to prevent security breaches or unauthorized activities?

A

Restricted Activities

13
Q

Which business process impacts security operations by assigning responsibility for overseeing change implementation and ensuring that security considerations are addressed?

A

Ownership

14
Q

Which technical implication of change management impacts security operations by restarting specific applications to address security vulnerabilities or apply configuration changes?

A

Application restart

15
Q

Which change management process impacts security by ensuring that changes are tracked, documented, and reversible, reducing the risk of unauthorized or malicious alterations?

A

Version Control

16
Q

Which protocol, used in legacy applications that use XML to encode calls, leverages HTTP as a transport mechanism and is susceptible to API attacks?

A

Extensible Markup Language-Remote Procedure Call (XML-RPC)

17
Q

What are the two key elements in documenting the results of change management?

A

Updating diagrams and updating policies/procedures

18
Q

What is meant by the term allow list?

A

The list of applications, systems, or networks that are in scope and should be tested (previously referred to as a whitelist, a deprecated term)

19
Q

Which business process impacts security operations by outlining the step-by-step process for executing changes and ensuring adherence to security protocols?

A

Standard Operating Procedure