Ch 14 - Review Questions

¡Supera tus tareas y exámenes ahora con Quizwiz!

Name a compliance standard that is not a federal regulation.

(Payment Card Industry Data Security Standard) PCI DSS

The only exception to the rule of having a written emergency action plan (EAP) is when an employer has ____ or fewer employees.

10

What is a cold site related to information technology?

A cold site is an empty disaster recovery facility with only power and cooling but no equipment or racks.

What is a service level agreement?

A formal agreement typically between a service provider and a client or an end user

What arrangement is used to facilitate the creation of future agreements between entities?

A master service agreement

What is an MOU, and what is its purpose?

A memorandum of understanding, or MOU, is a formal agreement between two or more parties that establishes an official service partnership.

What policy informs users of proper system usage?

Acceptable use policy

What are types of service agreements?

Acceptable use policy (AUP) Statement of work (SOW) Master service agreement (MSA) Service level agreement (SLA) Memorandum of understanding (MOU)

Provide a definition of an exit route, as defined by 29 CFR 1910.36.

An exit route is a continuous and unobstructed path of travel from any area within a workplace to a place of safety.

a retina scanner is an example of

Biometrics

What are the disaster recovery sites?

Cold site warm site hot site

SLA (service level agreement)

Defines the level of service expected from the service provider

MLA (master license agreement)

Defines the owner rights, terms, and conditions related to intellectual property

What type of backup includes all data that has changed since the last full backup?

Differential backup

What type of backup? Takes less time and less storage space

Differential backup

What are the types of backups?

Differential backups Full backups incremental backups

What documents should be reviewed in preparation for an OSHA inspection?

EAP MSDS

How does FERPA define education records?

FERPA defines education records as those that are directly related to a student and that are maintained by an educational agency or institution or a party acting for or on behalf of the agency or institution.

What are international export controls?

Federal laws and regulations governing the export of materials, data, technical information, services, technologies, software, and hardware to foreign countries based on national security, foreign policy, and trade sanctions

What type of backup? Takes a long time, depending on the size of the source

Full backup

What type of backup? Takes up a large amount of storage space if archives need to be kept

Full backup

A loan officers often dispose of the client paperwork by throwing it away in a trash can. What compliance regulation may your company be violating?

Gramm-Leach-Bliley Act (GLBA)

To ensure the environment is correct for your data center resources, this system is used.

HVAC

refers to information technology systems that are in continuous operation for a long time, with minimal downtime.

High availability

Which of the following types of disaster recovery sites is a full-blown operational facility with power, cooling, and equipment racked and powered up, with network connectivity?

Hot site

What type of backup? Includes data that has changed since the previous backup copy

Incremental backup

What type of backup? Takes the least time and the least storage space

Incremental backup

How is the IT part of an organization involved with the regulations defined by FERPA, FISMA, GLBA, HIPAA, and PCI DSS?

Information technology plays a very important role in fulfilling these mandates, as the data that these regulations aim to protect is stored in some database or server, processed by some software application, and transmitted on some network.

Related to IT, the acceptable use policy outlines what?

Internet Network Use of computer equipment

Which is a prime example of a service commonly covered by an SLA?

Internet service

What is the purpose of an emergency action plan?

It facilitates and organizes employer and employee actions during workplace emergencies.

What is a disaster recovery site?

It is a place where mission-critical systems can be housed to bring the organization back up and running in the event of a disaster.

What is the purpose of role separation in computer networking?

It is a practice of separating tasks and assigning them to different responsible groups or employees, thereby limiting full control of a service or information and eliminating conflicts of interest.

What is meant by the term high availability (HA) related to information technology systems?

It refers to information technology systems that are in continuous operation for a long time, with minimal downtime.

What is the purpose of 29 CFR 1910.37?

It specifies requirements for employers to properly maintain exit routes in order to prepare the workplace for successful emergency evacuation and minimize further danger to employees.

statements about Memorandum of understanding (MOU) : It is sometimes called a _______________ because it can be followed with a legally binding contract.

LOI (letter of intent)

A master license agreement defines

Licensing restrictions and the liabilities and/or penalties associated with violation The owner rights, terms, and conditions of the intellectual property How software can be used and distributed

High availability information technology systems implement

Load balancing Eliminating single points of failure Use of highly redundant systems

What is the name for a formal agreement between two or more parties to establish official service partnerships?

MOU, or memorandum of understanding

What are the types of agreements?

MSA (master service agreement) MLA (master license agreement) NDA (non-disclosure agreement) SLA (service level agreement)

is a metric that measures a system's reliability by identifying the average time between failures?

MTBF

What are the different types of business continuity and disaster recovery plans

MTBF (Mean Time Between Failure) MTTF (Mean Time to Failure) MTTR (Mean Time to Recover or Repair)

The average time that a piece of equipment will perform until failure is called _______.

MTTF

What is a metric that predicts the equipment runtime before a failure requires the equipment to be replaced?

MTTF

a metric that measures the average time it takes to bring a system back from failure?

MTTR

A network technician is setting up access for an HVAC technician to do maintenance in the server room. What safeguards need to be in place?

Make sure all servers are fully password protected.

What type of agreement is used when entering into a long negotiation of services when multiple contracts or agreements might be needed?

Master service agreement

MTTR (Mean Time to Recover or Repair)

Measures the average time it takes to bring a system back from failure

MTBF (Mean Time Between Failure)

Measures the system's reliability by identifying the average time between failures

What is an NDA?

Non-disclosure agreement - A legal agreement to bind a party or parties to not disclose or not share specific information

Every employer must comply with all applicable _____________.

OSHA standards

HA deployments have been widely deployed in power management. Why is this?

Power loss creates a big disruption in business continuity. Power management has used HA to supply electrical power from two or more different sources or separate feeds from the electrical company, sometimes known as redundant circuits. Also to create power redundancy, the system can be connected to a backup power source such as a UPS (uninterruptible power supply) or battery backups.

MTTF (Mean Time to Failure)

Predicts the equipment runtime before a failure requires the equipment to be replaced

What are steps in an incident response plan in order?

Preparation Identification Containment Eradication Recovery Follow-up

steps of the incident response policy

Preparation Identification Containment Eradication Recovery Follow-up

NDA (non-disclosure agreement)

Protects confidential information, proprietary information, intellectual property, or trade secrets

FISMA (Federal Information Security Management Act)

Protects government information, operations, and assets against security threats

parts of an inventory management system

Purchase documentation Ownership tracking Equipment disposal documentation

FERPA (Family Educational Rights and Privacy Act)

Requires all educational institutions to protect the privacy of student education records

GLBA (Gramm-Leach-Bliley Act)

Requires all financial institutions to protect customer financial information data to safeguard the financial information against security threats

HIPAA (Health Insurance Portability and Accountability Act)

Requires all health-related agencies to protect the PII (personally identifiable information) of patients

Which of the following is a critical component in avoiding accidents by identifying potential hazards?

SDS

Say that your company has suffered an Internet outage for two straight days, and you want to take legal action against the Internet service provider. What is the document you must review before pursuing legal action?

SLA

How do SLAs differ from MOUs?

SLAs do not contain details regarding how a service will be provided or delivered, nor do they provide operational guidelines.

MSA (master service agreement)

Simplifies the process for future subsequent agreements

What is used to define deliverables, schedules and time lines, and roles and responsibilities?

Statement of work

What are Biometric Systems

Systems that measure and analyze specific characteristics of the human body for the purpose of authentication

What is FERPA?

The Family Educational Rights and Privacy Act

Why are FERPA and HIPAA important to IT staff?

The information is typically stored on servers, which is the responsibility of IT personnel.

What is the purpose of a service agreement relative to the IT world?

This type of agreement specifies many criteria, which include but are not limited to the nature, description, and scope of a service as well as how the service will be governed, implemented, operated, tested, reported, and financed.

Why do organizations use MOUs?

To create guidelines with one another as they contribute their efforts and resources toward important projects or for sharing or exchanging of IT services without having to enter into a detailed and complex process of contracts

What is OSHA's mission?

To oversee and enforce safety standards in the workplace

Door access to an organization's server room is being scheduled. What are the best practices for door access control?

Use biometrics. Require key fobs. Require a proximity reader.

A warm site is

a not-yet-operational facility with power, cooling, and rack space; the equipment is onsite but not racked or powered up.

statements about maintaining exit routes: It should be maintained and available at ___________

all times.

Cold site

an empty facility with only power and cooling, but no equipment or racks.

An organization's written FPP must be ...

available to employees and kept at the workplace.

Incremental backups

backups only include data that has changed since the previous backup copy

Which of the following types of disaster recovery sites is an empty facility with only power and cooling but no equipment or racks?

cold site

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Information and records (data) are managed consistent with the organization's risk strategy to protect the __________________.

confidentiality, integrity, and availability of information

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: The organization understands the ____________________ to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

cybersecurity risk

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: The information system and assets are monitored at ______________ to identify cybersecurity events and verify the effectiveness of protective measures.

discrete intervals

statements about maintaining exit routes: It should be free of _____________________ and other decorations.

explosive or highly flammable furnishings

statements about Memorandum of understanding (MOU) : It is a _________________ between two or more parties to establish official service partnerships.

formal agreement

A hot site is a

full-blown operational facility with power, cooling, and equipment racked and powered up and connected to the network. It is a duplicate of the current data center.

statements about Memorandum of understanding (MOU) : Many IT organizations use MOUs to create _____________ with one another.

guidelines

HA stand for what?

high availability

Differential backups

includes all data that has changed since the last full backup

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Security policies, processes, and procedures are maintained and used to manage protection of _______________________.

information systems and assets

statements about Memorandum of understanding (MOU) : It is much _______________ than a contract.

less formal

statements about maintaining exit routes: There should be adequate _____________ for each exit route.

lighting

Compliance with NFPA is not ______________.

mandatory

There can be _________ under one MSA.

multiple SOWs

Government regulations are _________ legal agreements that are binding in the IT world?

not the only

statements about maintaining exit routes: It should be free of decorations or signs that _________________ of the exit door.

obscure the visibility

statements about Memorandum of understanding (MOU) : It outlines the terms and details of each party's _______________________.

requirements and responsibilities

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Recovery processes and procedures are executed and maintained to ensure _______________ of systems or assets affected by cybersecurity events.

timely restoration

According to OSHA, employers must provide _____________ upon initial assignment and at least annually for employees who use fire extinguishers.

training

statements about maintaining exit routes: It should be clearly _________________ by a sign reading "Exit."

visible and marked

Full backups

where all data is copied to a designed backup location or medium


Conjuntos de estudio relacionados

A&P 2: Chapter 19 (Cardiovascular System: Heart)

View Set

Español 3: Semstre 2 Final Examen

View Set

( 3 )- Medical Expense Insurance

View Set

Organizational Behavior Chapter 14 Quiz

View Set

The historical cost principle requires that when assets are acquired, they be recorded at Select one: a. market price. b. appralsal value. C. book value. d. cost.

View Set

RN Fundamentals Online Practice 2019 A (4/4)

View Set

IB Psych Cognitive Unit 4/20 Quiz Turnt it Up Blaze

View Set

Investments B BUS 454 Chapter 1 & 2 Homework

View Set