Governance

Question 1

IT Governance

Answer 1

A comprehensive security management framework

Question 1

Policy (Security)

Answer 1

*Defines the role of security inside of an organization
*Establishes the desired end state for that program

Question 2

Organizational Policy (Security)

Answer 2

*Meet business goals
*Define the roles, responsibilities, and terms associated with it

Question 3

System-specific Policy (Security)

Answer 3

Addresses the security o a specific technology, application, network, or computer

Question 4

Issue-specific Policy (Security)

Answer 4

Addresses a specific security issue *Email privacy,
*Employee termination procedures *Other specific issues

Question 5

Standard (Sec Policy)

Answer 5

Implements a policy in an organization

Question 6

Baseline (Sec Policy)

Answer 6

Creates a reference point in network architecture and design

Question 7

Guideline (Sec Policy)

Answer 7

Recommended action that allows for exceptions in unique situations

Question 8

Procedure (Sec Policy)

Answer 8

Detailed step-by step instructions to perform a give task or series of actions

Question 9

Change Management

Answer 9

Structured way of changing the state of a computer system, network, or IT procedure

Question 10

Incident Response Plan

Answer 10

Instructions to detect, respond to , and recover from security incidents

Question 11

Steps of an Incident Response Plan

Answer 11

1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons learned

Question 12

Business Continuity Plan

Answer 12

• How a business will continue operating during an unplanned disruption
• Long-Term
• Contains a Disaster Recovery Plan

Question 13

System Life Cycle Plan

Answer 13

Describes the approach to maintaining an asset from creation to disposal

Question 14

Planning

Answer 14

Planning and requirement analysis for a system, including architecture outlining risk identification

Question 15

Standard Operating Procedure

Answer 15

Step-by-step instructions to carry out routine operations

Question 16

Memorandum of Understanding (MOU)

Answer 16

Non-binding agreement between two or more organization to detail what common actions they intend to take

Question 17

Service-Level Agreement (SLA)

Answer 17

Documents the quality, availability, and responsibilities agree upon by a service provider and a client

Question 18

Baseline Configuration

Answer 18

Set of specifications for
*Information system
*Configuration item within a system
That has been formally reviewed and agreed upon

Question 19

Physical Network Diagram

Answer 19

Shows the actual physical arrangement of network components

Question 20

Logical Network Diagram

Answer 20

Illustrates the flow of data across a network and how devices communicate with each other

Question 21

Wiring Diagram

Answer 21

Labels which cables are connected to which ports

Question 22

Radio Frequency (Wireless) Site Survey

Answer 22

Planning/designing a wireless network to deliver the required wireless solution

Question 23

Wired Site Survey

Answer 23

Determines if a site has the right amount of power, space, and cooling to support a new upgrade or installation

Question 24

Audit and Assessment Report

Answer 24

Delivered after a formal assessment has been conducted

Question 25

Sensor

Answer 25

Monitors a device's temperature, CPU usage, and memory, which could indicate if it is operating properly or about to fail

Question 26

Minor Temperature Threshold

Answer 26

Set off an alert when a rise in temperature is detected but hasn't reached dangerous levels

Question 27

Major Temperature Threshold

Answer 27

Used to set off an alarm when temperature reaches dangerous conditions

Question 28

Safe temperature range for network devices

Answer 28

between 50 and 90 F

Question 29

Network Availability

Answer 29

*How well a network can respond to connectivity and performance demands *Measured as Uptime: Time network was up ÷ time network was down in a monitoring period

Question 30

Mean Time to Repair (MTTR)

Answer 30

Average time it takes to repair a device

Question 31

Mean Time Between Failures (MTBF)

Answer 31

Average time between when failures occur on a device

Question 32

Cloud Site

Answer 32

Allows for the creation of a recovery version of an organization's enterprise network in the cloud

Question 33

Recovery Time Objective (RTO)

Answer 33

Time and service level within which a business process must be restored to avoid unacceptable consequences

Question 34

Recovery Point Objective (RPO)

Answer 34

Time during a disruption before data lost exceeds the maximum allowable threshold or tolerance

Question 35

Full Backup

Answer 35

Complete backup of every single file on a machine

Question 36

Backs up data that changed since last backup

Answer 36

Incremental Backup

Question 37

Snapshot

Answer 37

Read-only copy of data frozen in time

Question 38

Power Distribution Unit (PDU)

Answer 38

Distributes electric power to rack of computers and networking equipment located in a data center

Question 39

Pre-Action System

Answer 39

A detector actuation like a smoke detector and sprinkler must be tripped prior to water being released

Question 40

Statement of Work (SOW)

Answer 40

A document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines. (not on going like SLA)

Question 41

Policy vs. Standard

Answer 41

* Policies are plans that describe the goal of an established procedure (Acceptable use, Physical Security, or VPN access) * Standards are the mechanisms implemented to achieve that goal. VPN and HTTPS are examples of protocols and industry standards.