Compliance & Operational Security Flashcards Preview

CompTIA Security+ SY0-501 > Compliance & Operational Security > Flashcards

Flashcards in Compliance & Operational Security Deck (21)
1

What are things to consider when performing a major update?

Test
Backup
Time frame (downtime)
Back-out plan
Test & Monitor post change

2

How do you mitigate privilege creep?

User rights and permission levels based on least privilege

3

What is PII?

Personally Identifiable Information

4

What is DLP?

Data Loss Prevention

5

What information is stored in RAM?

Registers, Cache (i.e. ARP, RAID, CPU), Process Tables, System Information

6

What are computer mechanisms ranked by volatility?

RAM
SWAP file (retained only if gracefully shut down)
HD

7

What is chain of custody?

Details regarding where the evidence was stored, who had access, integrity of evidence (hashes)

8

What does a first responder do at an incident?

Triage (decide priority of incident)
Investigation
Contain/Quarantine

9

What is Mandatory Access Control?

Data labeling and clearance levels for users

10

What process uses a magnet to erase a hard drive?

Degaussing

11

What is a compensating control measure?

An additional system to compensate for the incapability of another system

12

What is an administrative control measure?

Written security policy
Job rotation
Mandatory vacation
Auditing etc.

13

What is the first step in creating a BCP?

Business Impact Analysis
critical systems, assets and dependencies

14

What is a hot site?

Full redundant copy (including storage and networking) of a primary site

15

What is a warm site?

Equipment available without data replicated

16

What is a cold site?

Facility without equipment (location only)

17

Where is the DRP specified?

BCP may list a number of DRPs against different events

18

What is IT contingency planning?

Specified within DRP, focuses on one system
i.e. RAID 5 on computer

19

What is a tabletop exercise?

Structured walk-through of BCP including all parties

20

What is steganography?

Hiding documents in other files
i.e. OpenPuff

21

What is repudiation?

Denying responsibility for something
digital signatures provide non-repudiation