Chapter 14

Question 1

Whats IT governance

Answer 1

process to ensure the efficiency use of IT for a company to achieves its goals

Question 2

What is COBIT

Answer 2

The most widely used international standard for IT governance

Question 3

What are the two categories of COBIT

Answer 3

IT Governance objectives-Creating the strategy
Management IT objectives - Turning the strategy into Action

Question 4

What are the five COBIT

Answer 4

Governance : Evaluate,Direct ,Monitor
Management: Align,Plan and Organize
Management : Build, acquire and implement
Management: Deliver, service and support
Management: Monitor, evaluate and assess

Question 5

Whats is Governance : Evaluate,Direct ,Monitor controls objectives

Answer 5

Ensure IT benefit delivery
Ensure risk realization
Ensure resource optimization

The only IT governance focused domain in COBIT 2019

Question 6

Whats is Management: Align,Plan and Organize control objectives

Answer 6

manage data , security and risk

Dress the way IT is used to meet organizational objectives

Question 7

What is Management : Build, acquire and implement control objectives

Answer 7

manage changes , asset and project

Where the management assesses IT requirement , acquire the tech and implement them

Question 8

What is : Management: Deliver, service and support control objectives

Answer 8

manage operation
manage continuity
manage security services

operational side of IT (IT support)

Question 9

What is Management: Monitor, evaluate and assess control objectives

Answer 9

manage system of internal control,assurance
Focus on existing IT and if they meet the organization objectives

Question 10

What does logical access controls do

Answer 10

identify ,authorize and provide users access to a computer info.

Question 11

What does physical access controls do

Answer 11

help to keep track of who coming and going into the facility

Question 12

Role based access control (RBAC) is to

Answer 12

restricted network for individual with specific roles that have a criteria if they acess the system or not

Question 13

User access roles are

Answer 13

groups with predefined permission to which users are assigned , with each user assigned to only one role at a time

Question 14

What is the hierarchy of user roles

Answer 14

Administrator
Creator
User
Read-only

Question 15

Whats user authentification

Answer 15

process associating the username to each authorized user with unique identifier

Question 16

Whats user access provisioning

Answer 16

formal process of granting access to a new user

Question 17

What user access de-provisionning

Answer 17

formal process of changing users access

Question 18

What are the two type of user access changes

Answer 18

Termination
Transfer

Question 19

What is Dormant access

Answer 19

user has not accessed the system for significant period of time but still has an active role that grant them access

Question 20

What are some control activities in logical security

Answer 20

Policies and procedures for suer access are documented
access to system is granted to each user based on the user business need
user access to systems is periodically reviewed for appropriateness
New access request are reviews and approved before being granted

Question 21

Why do company used data center

Answer 21

to protect the physical component on which the systems and data are stored

Question 22

What are the three keys environment of data center

Answer 22

Outside environment
Inside environment
Physical security

Question 23

Whats is Business continuity planning

Answer 23

set of procedures that the business take to protect employees , stakeholders and assts in a disruptive events

Question 24

Whats is business continuity planning subset

Answer 24

Disaster recovery

Question 25

Explain a back up site

Answer 25

a physical location where company personnel will go to recover the systems and data after a disaster

Question 26

whats a hot backup site

Answer 26

it's immedaitely operational after a disater, the most expensive option

Question 27

Whats a warm backup site

Answer 27

equipped with servers ready for systems to be installed and contains only some equipment needed to ramp up the operations. It might take couple hours to warm a backup site the cost of maintaining is less.

Question 28

Whats a cold backup site

Answer 28

is an empty room with no servers or equipment ready, the recovering takes a few days and weeks

Question 29

When disasters strikes what are the 2 metrics

Answer 29

recovery time objective adn recovery point objective

Question 30

Explain recovery time objective (RTO)

Answer 30

How much time systems can be down before it cause significant damage to the business

Question 31

Recovery point objective ( RPO) :

Answer 31

How much data can be loss before it cause significant damage to the business

Question 32

Whats a backup strategy

Answer 32

determine which data is being stored during data backup

Question 33

Whats are the basic types of backup strategies

Answer 33

full differential incremental

Question 34

Explain full backup strategies

Answer 34

the slowest methods , require a lot of store as it involves copying all existing data in it entirety every time

Question 35

Explain differential backup strategies

Answer 35

this take moderate amount of time and storage space as it involve copying all data created since the most recent full backup every time

Question 36

Eplain incremental backup strategies

Answer 36

This is the cheapest strategy as it involves copying only new or uptated data with each backup

Question 37

Whats a backup cycle

Answer 37

determine when data is being stored during a data backup

Question 38

What is the most common backup cycles

Answer 38

grandfather-father-son redundant backup

Question 39

Grandfather cycle is based

Answer 39

on full backup once a months

Question 40

Father cycle is based

Answer 40

on full backup once a week

Question 41

Son cycle is based

Answer 41

Incremental or. differential backup , every day

Question 42

Whats the change management process

Answer 42

a standardized process that decree risk by controlling the identification and implementation of required changes to a systems

Question 43

What are the three steps of change management process

Answer 43

test environment model environment production environment

Question 44

test environment is

Answer 44

is when developers can play without having any impact on the system

Question 45

Model environment is

Answer 45

a recent copy of the live system which is used to implement the code in a environment that looks almost like production

Question 46

Production environment is

Answer 46

the systems goes live and available for ends users