N2K - Flash Cards - General Security Concepts - Explain the importance of change management processes and the impact to security

Question 1

What is the term for a time period in which a system will be unavailable due to servicing?

Answer 1

Maintenance Window

Question 2

Which business process impacts security operations by ensuring that proposed changes undergo thorough review and authorization before implementation?

Answer 2

The approval process of formal change management

Question 3

What is the primary concern of the BIA?

Answer 3

Business Impact Analysis (BIA) identifies all business resources that could be lost

Question 4

Allow lists, deny lists, restricted activities, service restart, application restart and legacy applications are examples of what kind of impacts to security in the change management process?

Answer 4

Technical Implications

Question 5

What is it called when a system is offline and/or unavailable to perform services?

Answer 5

Downtime

Question 6

Which technical implication impacts change management security operations by stopping and starting specific processes to enforce security policies or apply updates?

Answer 6

Service Restart

Question 7

What is the term for a plan for reversing changes made during an unsuccessful update to IT operations?

Answer 7

A rollback or backout plan

Question 8

What is a dependency vulnerability?

Answer 8

Vulnerabilities caused by dependencies on insecure code found in shared or public code repositories.

Question 9

Which step must be completed before a change request can be sent for approval or denial, according to COMPTIA?

Answer 9

Determining the correct decision-makers for the change

Question 10

Which two entities are responsible for the majority of project changes?

Answer 10

Stakeholders (including the project sponsor) and team members

Question 11

Which business process impacts security operations by providing critical feedback on the effectiveness and integrity of proposed changes?

Answer 11

Test Results

Question 12

Which technical implication impacts change management security operations by limiting or prohibiting certain actions or behaviors to prevent security breaches or unauthorized activities?

Answer 12

Restricted Activities

Question 13

Which business process impacts security operations by assigning responsibility for overseeing change implementation and ensuring that security considerations are addressed?

Answer 13

Ownership

Question 14

Which technical implication of change management impacts security operations by restarting specific applications to address security vulnerabilities or apply configuration changes?

Answer 14

Application restart

Question 15

Which change management process impacts security by ensuring that changes are tracked, documented, and reversible, reducing the risk of unauthorized or malicious alterations?

Answer 15

Version Control

Question 16

Which protocol, used in legacy applications that use XML to encode calls, leverages HTTP as a transport mechanism and is susceptible to API attacks?

Answer 16

Extensible Markup Language-Remote Procedure Call (XML-RPC)

Question 17

What are the two key elements in documenting the results of change management?

Answer 17

Updating diagrams and updating policies/procedures

Question 18

What is meant by the term allow list?

Answer 18

The list of applications, systems, or networks that are in scope and should be tested (previously referred to as a whitelist, a deprecated term)

Question 19

Which business process impacts security operations by outlining the step-by-step process for executing changes and ensuring adherence to security protocols?

Answer 19

Standard Operating Procedure