Operational Procedures

Question 1

Includes procedures and guidelines for use of network resources written in terms appropriate to the user’s access level and technological knowledge, such as password creation and responsible network use

Answer 1

Acceptable use policies (AUPs)

Question 2

Govern codified expectations of user privacy and consent to security-based monitoring of user activity.

Answer 2

Privacy policies

Question 3

Specify exactly what steps will be taken in response to a security incident, in order to minimize and repair damage without exposing the network to further risk.

Answer 3

Incident response policies

Question 4

Specify the steps that will be taken to secure assets, protect staff, and maintain business operations in terms of natural or artificial disasters and disruptions.

Answer 4

Disaster planning and business continuity

Question 5

Guidelines for updating policies and procedures to suit changing needs, without introducing new vulnerabilities.

Answer 5

Change management policies

Question 6

Lists of step by step instructions to perform routine tasks.

Answer 6

Standard operating procedures (standing operating procedures in military organizations)

Question 7

Regulations for all federal government agencies

Answer 7

FISMA

Question 8

Regulations for patient data in health care systems

Answer 8

HIPAA

Question 9

Regulations for corporate financial data

Answer 9

Sarbanes-Oxley (SOX)

Question 10

Standards for systems handling payment card data

Answer 10

PCI-DSS

Question 11

Network and system documentation

Answer 11

1. Physical and logical diagrams of the network
2. A list of IT assets including hardware and software
3. Vendor documentation and configuration baselines
   for listed assets
4. Vendor documentation for deployed assets
5. Assigned MAC and IP addresses, and available IP
   addresses

Question 12

Managing IT inventory

Answer 12

IT asset management (ITAM)

Question 13

A way to track all assets in an automated fashion.

Answer 13

configuration management database (CMDB)

Question 14

The change management process

Answer 14

1. Identification
2. Change request
3. Approval
4. Preparation
5. Implementation
6. Follow-up

Question 15

Authority to determine whether the request is reasonable and necessary, and to identify any oversights or errors the original proposal might have.

Answer 15

change advisory board (CAB)

Question 16

A statement describing how management intends the organization is to be run

Answer 16

Policy

Question 17

A description of best practices or recommendations for achieving a certain policy goal

Answer 17

Guideline

Question 18

A technical definition of specific methodologies or requirements which are needed to satisfy policies

Answer 18

Standard

Question 19

A specific and ordered instruction for complying with a particular element of a policy or standard

Answer 19

Procedure

Question 20

Responding to an incident

Answer 20

Identify the problem
Report the incident
Preserve the data and devices involved in the incident.

Question 21

Documenting incidents

Answer 21

• A general description of the incident
• The total impact of the incident, including its scope,
  cost, and duration
• Policies which may have been violated
• Problems with the response process
• Recommendations for preventing recurrence

Question 22

The maximum expected amount of time needed to fully restore service after a disaster

Answer 22

RTO: Recovery time objective

Question 23

The maximum period of data which will be lost in the case of a disaster

Answer 23

RPO: Recovery point objective

Question 24

The average amount of time between when you install a device and when it will fail.

Answer 24

MTTF: Mean time to failure

Question 25

The average amount of time a component or system can remain online before it needs to be taken down for repair

Answer 25

MTBF: Mean time between failures

Question 26

The average amount of time a component or system will remain offline for repair in the event of a disaster

Answer 26

MTTR: Mean time to repair

Question 27

The ability of a system to continue operating in at least partial capacity despite the failure of one or more components.

Answer 27

Fault tolerance

Question 28

Preserve important files or folders so that they can be restored to the same or a different system when needed.

Answer 28

File level backups

Question 29

Copy entire hard drives or other storage volumes, allows you to quickly restore a fully configured computer to an operative state.

Answer 29

Image level backups

Question 30

Designed to back up application servers running database software or other critical, constantly running applications

Answer 30

Application-aware backups

Question 31

Backs up all files that are included in the backup policy regardless of their archive bits, then clears the bit for all files

Answer 31

Full Backup

Question 32

Backs up only files with a set archive bit, then clears the bit

Answer 32

Incremental Backup

Question 33

Backs up files with a set archive bit, but does not clear the bit after

Answer 33

Differential

Question 34

What are the three parts of first response when an incident occurs?

Answer 34

Identify
Report through proper channels
Data/device preservation

Question 35

According to the A+ exam guide, what is the purpose of the chain of custody?

Answer 35

Tracking of evidence/documenting process

Question 36

What does the acronym PCI denote?

Answer 36

Payment Card Industry

Question 37

What does the acronym GDPR denote?

Answer 37

General Data Protection Regulation

Question 38

Which documentation is maintained by hardware or software vendors?

Answer 38

knowledge base/articles

Question 39

What should be documented to ensure that you can return to normal operations and reverse a change if a change does not work or causes problems?

Answer 39

backout plan

Question 40

Which type of backup uses maximum disks and tapes for storing data?

Answer 40

Full backup

Question 41

Which device contains a battery and Automatic Voltage Regulation (AVR) circuitry to protect a computer from power sags?

Answer 41

Uninterruptible Power Supply (UPS)

Question 42

The average amount of time a component or system can remain online before it needs to be taken down for repair

Answer 42

Mean time between failures (MTBF)

Question 43

The maximum period of data which will be lost in the case of a disaster

Answer 43

Recovery point objective (RPO)

Question 44

The average amount of time between when a device is installed and when it will fail

Answer 44

Mean time to failure (MTTF)

Question 45

The average amount of time a component or system will remain offline for repair in the event of a disaster

Answer 45

Mean time to repair (MTTR)

Question 46

The maximum expected amount of time needed to fully restore service after a disaster

Answer 46

Recovery time objective (RTO)