Chapter 18: Managing Risk Flashcards Preview

Network+ > Chapter 18: Managing Risk > Flashcards

Flashcards in Chapter 18: Managing Risk Deck (44):
1

Risk Management

The process of how organizations deal with the bad things that take place on their networks.

2

Data Breach

Any form of attack where secured data is taken or destroyed.

3

Acceptable Use Policy

Defines what is and what is not acceptable to do on an organization's computers

4

Network Access Policy

Defines who may access the network, how they may access the network, and what they access.

5

Change Management

The process of creating change in your infrastructure in an organized, controlled, safe way

6

Strategic-Level Changes

Typically initiated by management and major in scope.

7

Infrastructure-Level Changes

Typically initiated by a department making a request to the change management team

8

A good change request will include:

1) Type of change
2) Configuration Procedures
3) Rollback Process
4) Potential Impact
5) Notification

9

Patch Management

Regularly updating operating systems and applications to avoid security threats.

10

When do we generally apply driver updates?

To fix an incompatibility, incorporate new features, or repair a bug.

11

Vulnerability Patch

A patch used to quickly respond to a major vulnerability.

12

It's important that users understand:

1) Security Policies
2) Passwords
3) System and Workplace Security
4) Social Engineering
5) Malware

13

Single Point of Failure

One system that, if it fails, will bring down an entire process, workflow or organization.

14

High Availability (HA)

The ability for a system to keep working without interruption or downtime.

15

Failover

The ability for backup systems to detect when a master has failed and the to take over.

16

Virtual IP

A single IP address shared by multiple systems.

17

Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP)

Take multiple routers and gang them together into a single virtual router with a single virtual IP that clients use as a default gateway.

18

Service Level Agreement (SLA)

A document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided.

19

What does a typical SLA contain?

1) Definition of the service provided
2) Equipment provided
3) Technical Support that will be given

20

Memorandum of Understanding (MOU)

A document that defines an agreement between two parties in situations where a legal contract wouldn't be appropriate.
Defines the duties the parties commit to perform for each other.

21

Multi-Source Agreement

A document that details the interoperability of various manufacturers' components.

22

Statement of Work (SOW)

Defines the services and products the vendor agrees to supply and the time frame in which to supply them.

23

Vulnerability Scanner

Inspects potential vulnerabilities and creates a report.

24

Nmap

A port scanner, which queries individual nodes, looking for open or vulnerable ports.

25

Nessus

Popular and extremely comprehensive vulnerability testing tool.

26

Penetration Testing

-A purposeful attack by a hacker to see if it can be penetrated.
-Aircrack-ng and Metasploit

27

Contingency Plans

How to limit damage and recover quickly from incidents.

28

Incident Response Level

Incidents that can be stopped, contained, and remediated without outside resources.

29

Disaster Recovery Level

An incident that can no longer be contained, causing significant damage or danger to the immediate infrastructure.

30

Business Continuity Level

If the disaster requires actions offsite from the primary infrastructure.

31

Recovery Point Objective (RPO)

The state of the backup when the data is recovered.

32

Recovery Time Objective (RTO)

The amount of time needed to restore full functionality

33

Cold Site

A location that consists of everything a business needs except computers.

34

Warm Site

Like a cold site but with computers loaded with software and functioning servers. However, lacks current data.

35

Hot Site

Nearly a complete duplicate of the primary site.

36

Computer Forensics

The science of gathering, preserving, and presenting evidence stored on a computer or any form of digital media that is presentable in a court of law.

37

4 Steps to Computer Forensics

1) Secure the Area
2) Document the Scene
3) Collect Evidence
4) Interface with Authorities

38

Electronic Discovery

The process of requesting and providing electronic and stored data and evidence in a legal way.

39

Electrical Safety topics

1) Inherent danger of electricity
2) Grounding
3) Static

40

Ground Loop

A voltage differential that exists between two different grounding points, causing data to become unreadable, and also exposes equipment to more risk from power surges.

41

Electrostatic Discharge (ESD)

The passage of a static electrical charge from one item to another. It can damage or destroy computing equipment.

42

What is the ideal temperature and humidity for equipment?

68 degrees F, 50% humidity

43

Material Safety Data Sheet (MSDS)

Document that describes the safe handling procedures for any potentially hazardous, toxic, or unsafe material.

44

Emergency Procedures 5 Essential Aspects

1) Building Layout
2) Fire Escape Plan
3) Safety/emergency exits
4) Fail open/Fail close
5) Emergency Alert System