Chapter 14

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

MSA (master service agreement)

Simplifies the process for future subsequent agreements

SOW

Statement of Work

What is used to define deliverables, schedules and time lines, and roles and responsibilities?

Statement of work

Biometric systems

Systems that measure and analyze specific characteristics of the human body for the purpose of authentication

Differential backup

Takes less time and less storage space

Full backup

Takes up a large amount of storage space if archives need to be kept Takes a long time, depending on the size of the source

Why are FERPA and HIPAA important to IT staff?

The information is typically stored on servers, which is the responsibility of IT personnel.

Biometric systems

systems that measure and analyze specific characteristics of the human body for the purpose of authentication

What is a service level agreement?

A formal agreement typically between a service provider and a client or an end user

Hot

A full-blown operational facility with power, cooling, and equipment racked, powered up and connected to the network

What is an MOU, and what is its purpose?

A memorandum of understanding, or MOU, is a formal agreement between two or more parties that establishes an official service partnership.

Which of the following is not part of the NIST Framework for Improving Critical Infrastructure Cybersecurity?

Anomalous activity is detected within a one-month period, and the potential impact of events is understood.

How does FERPA define education records?

FERPA defines education records as those that are directly related to a student and that are maintained by an educational agency or institution or a party acting for or on behalf of the agency or institution

According to OSHA, portable fire extinguishers can be operated by anyone.

False

Compliance with NFPA is mandatory

False

FERPA

Family Educational Rights and Privacy Act

FISMA

Federal Information Security Management Act

What are international export controls?

Federal laws and regulations governing the export of materials, data, technical information, services, technologies, software, and hardware to foreign countries based on national security, foreign policy, and trade sanctions

Say that you are working for a loan company. Your loan officers often dispose of the client paperwork by throwing it away in a trash can. What compliance regulation may your company be violating?

GLBA

GLBA

Gramm-Leach-Bliley Act

HIPAA

Health Insurance Portability and Accountability Act

HVAC

Heating, Ventilation and Air Conditioning

Which of the following types of disaster recovery sites is a full-blown operational facility with power, cooling, and equipment racked and powered up, with network connectivity?

Hot site

What is meant by the term high availability related to information technology systems?

It refers to information technology systems that are in continuous operation for a long time, with minimal downtime.

The following are correct statements about maintaining exit routes

It should be free of explosive or highly flammable furnishings and other decorations. There should be adequate lighting for each exit route. It should be clearly visible and marked by a sign reading "Exit." It should be free of decorations or signs that obscure the visibility of the exit door. It should be maintained and available at all times.

What is the purpose of 29 CFR 1910.37?

It specifies requirements for employers to properly maintain exit routes in order to prepare the workplace for successful emergency evacuation and minimize further danger to employees.

A master license agreement defines which of the following?

Licensing restrictions and the liabilities and/or penalties associated with violation How software can be used and distributed The owner rights, terms, and conditions of the intellectual property

SLA

Service Level Agreement

Which of the following are types of service agreements.

Service level agreement (SLA) Master service agreement (MSA) Statement of work (SOW) Acceptable use policy (AUP) Memorandum of understanding (MOU)

What is a cold site related to information technology?

A cold site is an empty disaster recovery facility with only power and cooling but no equipment or racks.

Warm

A not-yet-operational facility with power, cooling, and rack space, and the equipment is onsite but not racked or powered up

CFR

Code of Federal Regulations

What policy informs users of proper system usage?

Acceptable use policy

Which of the following types of disaster recovery sites is an empty facility with only power and cooling but no equipment or racks?

Cold site

Cold

An empty facility with only power and cooling, but no equipment or racks

Provide a definition of an exit route, as defined by 29 CFR 1910.36.

An exit route is a continuous and unobstructed path of travel from any area within a workplace to a place of safety

SLA (service level agreement)

Defines the level of service expected from the service provider

MLA (master license agreement)

Defines the owner rights, terms, and conditions related to intellectual property

Which of the following are steps in an incident response plan?

Eradication Containment Identification Preparation Follow-up Recovery

What type of backup includes all data that has changed since the last full backup?

Differential backup

EAP

Emergency Action Plan

Incremental backup

Includes data that has changed since the previous backup copy Takes the least time and the least storage space

How is the IT part of an organization involved with the regulations defined by FERPA, FISMA, GLBA, HIPAA, and PCI DSS?

Information technology plays a very important role in fulfilling these mandates, as the data that these regulations aim to protect is stored in some database or server, processed by some software application, and transmitted on some network.

Which of the following is a prime example of a service commonly covered by an SLA?

Internet service

What is the purpose of an emergency action plan?

It facilitates and organizes employer and employee actions during workplace emergencies.

The following are correct statements about MOU:

It is a formal agreement between two or more parties to establish official service partnerships. It outlines the terms and details of each party's requirements and responsibilities. It is sometimes called a LOI (letter of intent) because it can be followed with a legally binding contract. It is much less formal than a contract. Many IT organizations use MOUs to create guidelines with one another.

What is a disaster recovery site?

It is a place where mission-critical systems can be housed to bring the organization back up and running in the event of a disaster.

What is the purpose of role separation in computer networking?

It is a practice of separating tasks and assigning them to different responsible groups or employees, thereby limiting full control of a service or information and eliminating conflicts of interest.

What is the name for a formal agreement between two or more parties to establish official service partnerships?

MOU, or memorandum of understanding

Which of these documents should be reviewed in preparation for an OSHA inspection?

MSDS EAP

Which of the following is a metric that measures a system's reliability by identifying the average time between failures?

MTBF

Which of the following is a metric that predicts the equipment runtime before a failure requires the equipment to be replaced?

MTTF

Which of the following is a metric that measures the average time it takes to bring a system back from failure?

MTTR

A network technician is setting up access for an HVAC technician to do maintenance in the server room. What safeguards need to be in place?

Make sure all servers are fully password protected.

MLA

Master License Agreement

MSA

Master Service Agreement

What type of agreement is used when entering into a long negotiation of services when multiple contracts or agreements might be needed?

Master service agreement

MSDS

Material Safety Data Sheets

MTTR (Mean Time to Recover or Repair)

Measures the average time it takes to bring a system back from failure

MTBF (Mean Time Between Failure)

Measures the system's reliability by identifying the average time between failures

SDS

Safety Data Sheets

NFPA

National Fire Protection Association

Related to IT, the acceptable use policy outlines which of the following?

Network Use of computer equipment Internet

NDA

Non-Disclosure Agreement

What is an NDA?

Non-disclosure agreement A legal agreement to bind a party or parties to not disclose or not share specific information

OSH Act

Occupational Safety and Health Act

OSHA

Occupational Safety and Health Administration

Name a compliance standard that is not a federal regulation.

PCI DSS

PCI DSS

Payment Card Industry Data Security Standard

HA deployments have been widely deployed in power management. Why is this?

Power loss creates a big disruption in business continuity. Power management has used HA to supply electrical power from two or more different sources or separate feeds from the electrical company, sometimes known as redundant circuits. Also to create power redundancy, the system can be connected to a backup power source such as a UPS (uninterruptible power supply) or battery backups.

MTTF (Mean Time to Failure)

Predicts the equipment runtime before a failure requires the equipment to be replaced

the steps of the incident response policy

Preparation Identification Containment Eradication Recovery Follow-up

NDA (non-disclosure agreement)

Protects confidential information, proprietary information, intellectual property, or trade secrets

FISMA (Federal Information Security Management Act)

Protects government information, operations, and assets against security threats

FERPA (Family Educational Rights and Privacy Act)

Requires all educational institutions to protect the privacy of student education records

GLBA (Gramm-Leach-Bliley Act)

Requires all financial institutions to protect customer financial information data to safeguard the financial information against security threats

HIPAA (Health Insurance Portability and Accountability Act)

Requires all health-related agencies to protect the PII (personally identifiable information) of patients

Which of the following is a critical component in avoiding accidents by identifying potential hazards?

SDS

Say that your company has suffered an Internet outage for two straight days, and you want to take legal action against the Internet service provider. What is the document you must review before pursuing legal action?

SLA

How do SLAs differ from MOUs?

SLAs do not contain details regarding how a service will be provided or delivered, nor do they provide operational guidelines.

What is FERPA?

The Family Educational Rights and Privacy Act

Which of the following are components of the NIST Framework for Improving Critical Infrastructure Cybersecurity?

The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events. The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information. Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.

What is the purpose of a service agreement relative to the IT world?

This type of agreement specifies many criteria, which include but are not limited to the nature, description, and scope of a service as well as how the service will be governed, implemented, operated, tested, reported, and financed.

Why do organizations use MOUs?

To create guidelines with one another as they contribute their efforts and resources toward important projects or for sharing or exchanging of IT services without having to enter into a detailed and complex process of contracts

What is OSHA's mission?

To oversee and enforce safety standards in the workplace

An organization's written FPP must be available to employees and kept at the workplace.

True

Every employer must comply with all applicable OSHA standards.

True

The only exception to the rule of having a written emergency action plan (EAP) is when an employer has 10 or fewer employees

True

There can be multiple SOWs under one MSA.

True

Door access to an organization's server room is being scheduled. Which of the following are best practices for door access control?

Use biometrics Require a proximity reader. Require key fobs

FPP

fire prevention plan

MOU

memorandum of understanding


Kaugnay na mga set ng pag-aaral

Data Architecture Practice Exam 1

View Set

PEDS immunizations, lead poisoning

View Set

Chapter 6 - Personal Risk Management

View Set