Which of the following has an incorrect change control definition mapping?
Which of the following has an incorrect change control definition mapping?
i.Request for a change to take place Requests should be presented to an individual or group that is responsible for approving changes and overseeing the activities of changes that take place within an environment.
ii. Approval of the change The individual requesting the change should not justify the reasons and clearly show the benefits and possible pitfalls of the change.
iii. Documentation of the change Once the change is approved, it should be entered into a change log. The log should be updated as the process continues toward completion.
iv. Tested and presented The change must be fully tested to uncover any unforeseen results.
v. Implementation Once the change is fully tested and approved, a schedule should be developed that outlines the projected phases of the change being implemented and the necessary milestones.
vi. Report change to management A full report summarizing the change should be submitted to management.
Removing sensitive data on media devices, including all pointers within the system, is one way to prevent ____
Removing sensitive data on media devices, including all pointers within the system, is one way to prevent _______.
Which would require the lowest level of protection?
Which would require the lowest level of protection?
what operational security threat?
Increased developmental testing and the use of only operational data are good remedies to what operational security threat?
Which of the following is the typical culprit in this type of threat?
Corruption/modification is one of the biggest threats to an operations environment. Which of the following is the typical culprit in this type of threat?
Which of the following should not be put into place to reduce these concerns?
Bob is a new security administrator at a financial institution. The organization has experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns?
i. Commands and data should not take place in cleartext
ii. SSH should be used, not Telnet.
iii. Truly critical systems should be administered locally instead of remotely.
iv. Only a small number of administrators should be able to carry out remote functionality.
v. Strong authentication should be in place for any administration activities.
which of the following?
As a general statement, employees who are transferring internally should go through which of the following?
What should Karen do with this report?
Karen is responsible for processing and printing reports for the senior management team and all security administrators. Today, she notices that one report contains no data. What should Karen do with this report?
The preservation of a secure state in the event of failure is referred to as ___________.
The preservation of a secure state in the event of failure is referred to as ___________.
A company that wishes to maximize data writing efficiency should _______.
A company that wishes to maximize data writing efficiency should _______.