Security Operations

Question 1

Data handling process

Answer 1

Classification
Labeling - Data sensitivity labels, e.g. Highly restricted, low sensitivity
Retention
Destruction

Question 2

Primary uses of symmetric encryption

Answer 2

Encrypting bulk data (backups, hard drives, portable media)
Encrypting messages traversing communications channels (IPsec, TLS)
Streaming large-scale, time-sensitive data (audio/video materials, gaming, etc.)

Question 3

Configuration Management process

Answer 3

Identify
Baselines
Updates
Patches

Question 4

Data Handling policy

Answer 4

defines whether data is for use within the company, is restricted for use by only certain roles or can be made public to anyone outside the organization.

Question 5

Acceptable Use policy

Answer 5

defines acceptable use of the organization’s network and computer systems and can help protect the organization from legal action.

Question 6

Change Management Policy

Answer 6

It consists of three major activities: deciding to change, making the change, and confirming that the change has been correctly accomplished. Change management focuses on making the decision to change and results in the approvals to systems support teams, developers and end users to start making the directed alterations.

Question 7

What are the change management components?

Answer 7

Request for change
Approval
Rollback

Question 8

What are the three types of learning activities organizations use?

Answer 8

Education
Training
Awareness