Chapter 18: Managing Risk Flashcards Preview

Network+ > Chapter 18: Managing Risk > Flashcards

Flashcards in Chapter 18: Managing Risk Deck (44)
Loading flashcards...
1

Risk Management

The process of how organizations deal with the bad things that take place on their networks.

2

Data Breach

Any form of attack where secured data is taken or destroyed.

3

Acceptable Use Policy

Defines what is and what is not acceptable to do on an organization's computers

4

Network Access Policy

Defines who may access the network, how they may access the network, and what they access.

5

Change Management

The process of creating change in your infrastructure in an organized, controlled, safe way

6

Strategic-Level Changes

Typically initiated by management and major in scope.

7

Infrastructure-Level Changes

Typically initiated by a department making a request to the change management team

8

A good change request will include:

1) Type of change
2) Configuration Procedures
3) Rollback Process
4) Potential Impact
5) Notification

9

Patch Management

Regularly updating operating systems and applications to avoid security threats.

10

When do we generally apply driver updates?

To fix an incompatibility, incorporate new features, or repair a bug.

11

Vulnerability Patch

A patch used to quickly respond to a major vulnerability.

12

It's important that users understand:

1) Security Policies
2) Passwords
3) System and Workplace Security
4) Social Engineering
5) Malware

13

Single Point of Failure

One system that, if it fails, will bring down an entire process, workflow or organization.

14

High Availability (HA)

The ability for a system to keep working without interruption or downtime.

15

Failover

The ability for backup systems to detect when a master has failed and the to take over.

16

Virtual IP

A single IP address shared by multiple systems.

17

Virtual Router Redundancy Protocol (VRRP) and Hot Standby Router Protocol (HSRP)

Take multiple routers and gang them together into a single virtual router with a single virtual IP that clients use as a default gateway.

18

Service Level Agreement (SLA)

A document between a customer and a service provider that defines the scope, quality, and terms of the service to be provided.

19

What does a typical SLA contain?

1) Definition of the service provided
2) Equipment provided
3) Technical Support that will be given

20

Memorandum of Understanding (MOU)

A document that defines an agreement between two parties in situations where a legal contract wouldn't be appropriate.
Defines the duties the parties commit to perform for each other.

21

Multi-Source Agreement

A document that details the interoperability of various manufacturers' components.

22

Statement of Work (SOW)

Defines the services and products the vendor agrees to supply and the time frame in which to supply them.

23

Vulnerability Scanner

Inspects potential vulnerabilities and creates a report.

24

Nmap

A port scanner, which queries individual nodes, looking for open or vulnerable ports.

25

Nessus

Popular and extremely comprehensive vulnerability testing tool.

26

Penetration Testing

-A purposeful attack by a hacker to see if it can be penetrated.
-Aircrack-ng and Metasploit

27

Contingency Plans

How to limit damage and recover quickly from incidents.

28

Incident Response Level

Incidents that can be stopped, contained, and remediated without outside resources.

29

Disaster Recovery Level

An incident that can no longer be contained, causing significant damage or danger to the immediate infrastructure.

30

Business Continuity Level

If the disaster requires actions offsite from the primary infrastructure.