Self Assessment Chapter 21
To oversee the change management process, most organizations establish a [a]. In practice, a [b] not only facilitates adequate management oversight, but also facilitates better coordination between projects.
[a] change control board; [b] CCB
When determining the level of risk of exposure for data in storage, transit, or during processing, which of the following is not a factor?
data type time quantity and access are
Change [a] procedures can add structure and control to the development and management of large software systems as they move from development to implementation and during operation. Change [b] refers to a standard methodology for performing and recording changes during software development and system operation. The methodology defines steps that ensure that system [c] are required by the organization and are properly authorized, documented, tested, and approved by management. In many conversations, the term configuration [d] is considered synonymous with change management and, in a more limited manner, version control or release control.
[a] management; [b] management; [c] changes; [d] Management
Why should developers and testers avoid using "live" production data to perform various testing activities?
The use of live production data can jeopardize the confidentiality and integrity of production data
Which of the following is an indicator of compromise (IOC)?
Unusual outbound traffic; traffic to unusual foreign IP address; discovery of large encrypted data blocks that you don't know the purpose of
Which of the following correctly defines the principle of least privilege?
Users have no more privileges than are necessary to perform their jobs
What is the last step of the incident response process?
lessons learned
Change management
A standard methodology for performing and recording changes during software development and operation
Baseline
A system or software as it is built and functioning at a specific point in time.
Capability Maturity Model Integration (CMMI)
A trademarked process improvement methodology for software engineering.
During an initial response to an incident, which of the following is most important?
Accurate information
Which of the following are critical elements in an incident response toolkit?
Accurate network diagram; list of critical data/systems; phone list of people on call by area
Software change management procedures are established to:
Add structure and control to the development of software systems
Configuration status accounting
Procedures for tracking and maintaining data relative to each configuration item in the baseline.
While working on an investigation, a colleague hands you a list of file creation and access times taken from a compromised workstation. To match the times with file access and creation times from other systems, what do you need to account for?
Record time offsets
Which of the following does not adhere to the principles of separation of duties?
Software development, testing, quality assurance, and production should be assigned to the same individuals
A sysadmin thinks a machine is under attack, so he logs in as root and attempts to see what is happening in the machine. What common mistake is likely to occur?
The alteration of time/date stamps on files and objects in the system
Configuration Control is:
The process of controlling changes to items that have been baselined
Configuration control
The process of controlling changes to items that have been baselined.
Configuration identification
The process of identifying which assets need to be managed and controlled.
Configuration auditing
The process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements.
Configuration auditing is:
The process of verifying the configuration items are built and maintained properly
Configuration identification is:
The process of identifying which assets need to be managed and controlled
Separation of duties
A basic control that prevents or detects errors and irregularities by assigning responsibilities to different individuals so that no single individual can commit fraudulent or malicious actions
Which of the following activities should you do during an incident response investigation with an APT?
Use the corporate e-mail system to communicate
Change control board (CCB)
A body that oversees the change management process and enables management to oversee and coordinate projects.
Your organization experienced an APT hack in the past and is very interested in preventing a reoccurrence. What step of the attack path is the best step at which to combat APT-style attacks?
Lateral movement
Which position is responsible for approving the movement of executable code to the production system?
Manager
Which of the following are the four general phases that change management and configuration management use for their various phases?
Configuration control; configuration identification; configuration status accounting; configuration auditing
The goals of an incident response process include all of the following:
Confirm or dispel an incident occurrence; protect privacy rights; minimize system disruption
Configuration management
Considered synonymous with change management and, in a more limited manner, version control or release control.
Configuration items
Data or software (or other asset) that is identified and managed as part of the software change management process
The purpose of change control boards (CCB)
Facilitate management oversight and better project coordination
Why should end users not be given access to program source code?
It could allow an end user to identify weaknesses or errors in the source code
