Ch 14 - Review Questions


Name a compliance standard that is not a federal regulation.

(Payment Card Industry Data Security Standard) PCI DSS

The only exception to the rule of having a written emergency action plan (EAP) is when an employer has ____ or fewer employees.

10

What is a cold site related to information technology?

A cold site is an empty disaster recovery facility with only power and cooling but no equipment or racks.

What is a service level agreement?

A formal agreement typically between a service provider and a client or an end user

What arrangement is used to facilitate the creation of future agreements between entities?

A master service agreement

What is an MOU, and what is its purpose?

A memorandum of understanding, or MOU, is a formal agreement between two or more parties that establishes an official service partnership.

What policy informs users of proper system usage?

Acceptable use policy

What are types of service agreements?

Acceptable use policy (AUP), statement of work (SOW), master service agreement (MSA), service level agreement (SLA), memorandum of understanding (MOU)

Provide a definition of an exit route, as defined by 29 CFR 1910.36.

An exit route is a continuous and unobstructed path of travel from any area within a workplace to a place of safety.

A retina scanner is an example of what?

Biometrics

What are the disaster recovery sites?

Cold site, warm site, hot site

SLA (service level agreement)

Defines the level of service expected from the service provider

MLA (master license agreement)

Defines the owner rights, terms, and conditions related to intellectual property

What type of backup includes all data that has changed since the last full backup?

Differential backup

What type of backup takes less time and less storage space than a full backup (but more than an incremental)?

Differential backup

What are the types of backups?

Full backups, differential backups, incremental backups

What documents should be reviewed in preparation for an OSHA inspection?

EAP (emergency action plan) and MSDS (material safety data sheets, now called safety data sheets, SDS)

How does FERPA define education records?

FERPA defines education records as those that are directly related to a student and that are maintained by an educational agency or institution or a party acting for or on behalf of the agency or institution.

What are international export controls?

Federal laws and regulations governing the export of materials, data, technical information, services, technologies, software, and hardware to foreign countries based on national security, foreign policy, and trade sanctions

What type of backup? Takes a long time, depending on the size of the source

Full backup

What type of backup? Takes up a large amount of storage space if archives need to be kept

Full backup

Loan officers at your company often dispose of client paperwork by throwing it in a trash can. What compliance regulation may the company be violating?

Gramm-Leach-Bliley Act (GLBA)

What system is used to keep the environment (temperature, humidity, airflow) within range for your data center resources?

HVAC

What term refers to information technology systems that are in continuous operation for a long time, with minimal downtime?

High availability

Which of the following types of disaster recovery sites is a full-blown operational facility with power, cooling, and equipment racked and powered up, with network connectivity?

Hot site

What type of backup? Includes data that has changed since the previous backup copy

Incremental backup

What type of backup? Takes the least time and the least storage space

Incremental backup

How is the IT part of an organization involved with the regulations defined by FERPA, FISMA, GLBA, HIPAA, and PCI DSS?

Information technology plays a very important role in fulfilling these mandates, as the data that these regulations aim to protect is stored in some database or server, processed by some software application, and transmitted on some network.

Related to IT, the acceptable use policy outlines what?

Internet use, network use, and use of computer equipment

Which is a prime example of a service commonly covered by an SLA?

Internet service

What is the purpose of an emergency action plan?

It facilitates and organizes employer and employee actions during workplace emergencies.

What is a disaster recovery site?

It is a place where mission-critical systems can be housed to bring the organization back up and running in the event of a disaster.

What is the purpose of role separation in computer networking?

It is the practice of separating tasks and assigning them to different responsible groups or employees, so that no single person has full control of a service or of its information, which eliminates conflicts of interest.

What is meant by the term high availability (HA) related to information technology systems?

It refers to information technology systems that are in continuous operation for a long time, with minimal downtime.

What is the purpose of 29 CFR 1910.37?

It specifies requirements for employers to properly maintain exit routes in order to prepare the workplace for successful emergency evacuation and minimize further danger to employees.

statements about Memorandum of understanding (MOU) : It is sometimes called a _______________ because it can be followed with a legally binding contract.

LOI (letter of intent)

A master license agreement defines

Licensing restrictions and the liabilities and/or penalties associated with violation; the owner's rights, terms, and conditions of the intellectual property; how the software can be used and distributed

High availability information technology systems implement

Load balancing, elimination of single points of failure, and use of highly redundant systems

What is the name for a formal agreement between two or more parties to establish official service partnerships?

MOU, or memorandum of understanding

What are the types of agreements?

MSA (master service agreement), MLA (master license agreement), NDA (non-disclosure agreement), SLA (service level agreement)

Which metric measures a system's reliability by identifying the average time between failures?

MTBF

What are the common reliability and recovery metrics used in business continuity and disaster recovery planning?

MTBF (mean time between failures), MTTF (mean time to failure), MTTR (mean time to recover or repair)

The average time that a piece of equipment will perform until failure is called _______.

MTTF

What is a metric that predicts the equipment runtime before a failure requires the equipment to be replaced?

MTTF

Which metric measures the average time it takes to bring a system back from failure?

MTTR

A network technician is setting up access for an HVAC technician to do maintenance in the server room. What safeguards need to be in place?

Make sure all servers are fully password protected.

What type of agreement is used when entering into a long negotiation of services when multiple contracts or agreements might be needed?

Master service agreement

MTTR (Mean Time to Recover or Repair)

Measures the average time it takes to bring a system back from failure

MTBF (Mean Time Between Failure)

Measures the system's reliability by identifying the average time between failures

What is an NDA?

Non-disclosure agreement - A legal agreement to bind a party or parties to not disclose or not share specific information

Every employer must comply with all applicable _____________.

OSHA standards

HA has been widely deployed in power management. Why is this?

Power loss causes a major disruption to business continuity. Power management applies HA by supplying electrical power from two or more sources, or from separate feeds from the electrical utility (sometimes called redundant circuits), and by connecting systems to a backup power source such as a UPS (uninterruptible power supply) or battery backup.

MTTF (Mean Time to Failure)

Predicts the equipment runtime before a failure requires the equipment to be replaced
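Worked example, added here and not part of the original study set: the metrics defined in the cards above (MTBF, MTTR, MTTF) and the availability they imply, computed from a constructed up/down monitoring log for one hypothetical host (`db01`) over a 30-day window. The log format, host name, timestamps and the lifetimes passed to `mttf_hours` are all assumptions made for this example.

```python
"""Added example (not from the original study set): MTBF, MTTR and implied
availability computed from a constructed up/down log for one hypothetical host."""
from datetime import datetime

# Observation window for the constructed log below: 30 days.
OBSERVATION_START = datetime(2024, 1, 1)
OBSERVATION_END = datetime(2024, 1, 31)

# Constructed monitoring log (hypothetical host db01, not real data).
LOG = """\
2024-01-05T10:00:00 host=db01 state=DOWN
2024-01-05T12:00:00 host=db01 state=UP
2024-01-14T03:00:00 host=db01 state=DOWN
2024-01-14T04:30:00 host=db01 state=UP
2024-01-25T22:00:00 host=db01 state=DOWN
2024-01-26T00:30:00 host=db01 state=UP
"""


def parse_outages(log, window_end):
    """Pair each DOWN with the next UP into (failed_at, restored_at) tuples.
    A DOWN with no later UP is treated as still down when the window closes."""
    outages, down_at = [], None
    for line in log.splitlines():
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        ts = datetime.fromisoformat(ts_str)
        if kv["state"] == "DOWN" and down_at is None:
            down_at = ts
        elif kv["state"] == "UP" and down_at is not None:
            outages.append((down_at, ts))
            down_at = None
    if down_at is not None:
        outages.append((down_at, window_end))
    return outages


def hours(delta):
    return delta.total_seconds() / 3600


def mttr_hours(outages):
    """Mean time to repair: average length of an outage (failure to restoration)."""
    return sum(hours(up - down) for down, up in outages) / len(outages)


def mtbf_hours(outages, start, end):
    """Mean time between failures: operating (up) time in the window divided
    by the number of failures. Downtime is excluded from the numerator."""
    downtime = sum(hours(up - down) for down, up in outages)
    return (hours(end - start) - downtime) / len(outages)


def mttf_hours(lifetimes_hours):
    """Mean time to failure, for non-repairable units: mean lifetime until replacement."""
    return sum(lifetimes_hours) / len(lifetimes_hours)


def availability(mtbf, mttr):
    """Steady-state availability implied by MTBF and MTTR."""
    return mtbf / (mtbf + mttr)


if __name__ == "__main__":
    outages = parse_outages(LOG, OBSERVATION_END)
    mtbf = mtbf_hours(outages, OBSERVATION_START, OBSERVATION_END)
    mttr = mttr_hours(outages)
    print(f"failures={len(outages)} MTBF={mtbf:.1f} h MTTR={mttr:.2f} h "
          f"availability={availability(mtbf, mttr):.4%}")
```

For this constructed log the host was down 6 hours in a 720-hour window across three failures, giving MTTR = 2.0 h, MTBF = 238 h and an implied availability of 238/240, about 99.17%. Note that MTBF counts only operating time: dividing the whole window by the failure count would give 240 h and slightly overstate reliability. MTTF is kept separate because it applies to units that are replaced rather than repaired.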

What are steps in an incident response plan in order?

Preparation, identification, containment, eradication, recovery, follow-up

What are the steps of the incident response policy?

Preparation, identification, containment, eradication, recovery, follow-up

NDA (non-disclosure agreement)

Protects confidential information, proprietary information, intellectual property, or trade secrets

FISMA (Federal Information Security Management Act)

Protects government information, operations, and assets against security threats

parts of an inventory management system

Purchase documentation, ownership tracking, equipment disposal documentation

FERPA (Family Educational Rights and Privacy Act)

Requires educational institutions that receive federal funding to protect the privacy of student education records

GLBA (Gramm-Leach-Bliley Act)

Requires all financial institutions to safeguard customer financial information against security threats

HIPAA (Health Insurance Portability and Accountability Act)

Requires covered health-related entities (health plans, providers, clearinghouses) and their business associates to protect patients' protected health information (PHI), a form of PII (personally identifiable information)

Which of the following is a critical component in avoiding accidents by identifying potential hazards?

SDS (safety data sheet)

Say that your company has suffered an Internet outage for two straight days, and you want to take legal action against the Internet service provider. What is the document you must review before pursuing legal action?

SLA

How do SLAs differ from MOUs?

SLAs do not contain details regarding how a service will be provided or delivered, nor do they provide operational guidelines.

MSA (master service agreement)

Simplifies the process for future subsequent agreements

What is used to define deliverables, schedules and time lines, and roles and responsibilities?

Statement of work

What are Biometric Systems

Systems that measure and analyze specific characteristics of the human body for the purpose of authentication

What is FERPA?

The Family Educational Rights and Privacy Act

Why are FERPA and HIPAA important to IT staff?

The information is typically stored on servers, which is the responsibility of IT personnel.

What is the purpose of a service agreement relative to the IT world?

This type of agreement specifies many criteria, which include but are not limited to the nature, description, and scope of a service as well as how the service will be governed, implemented, operated, tested, reported, and financed.

Why do organizations use MOUs?

To create guidelines with one another as they contribute their efforts and resources toward important projects or for sharing or exchanging of IT services without having to enter into a detailed and complex process of contracts

What is OSHA's mission?

To oversee and enforce safety standards in the workplace

Door access to an organization's server room is being scheduled. What are the best practices for door access control?

Use biometrics; require key fobs; require a proximity reader.

A warm site is

a not-yet-operational facility with power, cooling, and rack space; the equipment is onsite but not racked or powered up.

statements about maintaining exit routes: It should be maintained and available at ___________

all times.

Cold site

an empty facility with only power and cooling, but no equipment or racks.

An organization's written FPP (fire prevention plan) must be ...

available to employees and kept at the workplace.

Incremental backups

include only data that has changed since the previous backup, whether that was a full or an incremental

Which of the following types of disaster recovery sites is an empty facility with only power and cooling but no equipment or racks?

cold site

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Information and records (data) are managed consistent with the organization's risk strategy to protect the __________________.

confidentiality, integrity, and availability of information

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: The organization understands the ____________________ to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

cybersecurity risk

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: The information system and assets are monitored at ______________ to identify cybersecurity events and verify the effectiveness of protective measures.

discrete intervals

statements about maintaining exit routes: It should be free of _____________________ and other decorations.

explosive or highly flammable furnishings

statements about Memorandum of understanding (MOU) : It is a _________________ between two or more parties to establish official service partnerships.

formal agreement

A hot site is a

full-blown operational facility with power, cooling, and equipment racked and powered up and connected to the network. It is a duplicate of the current data center.

statements about Memorandum of understanding (MOU) : Many IT organizations use MOUs to create _____________ with one another.

guidelines

HA stand for what?

high availability

Differential backups

includes all data that has changed since the last full backup

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Security policies, processes, and procedures are maintained and used to manage protection of _______________________.

information systems and assets

statements about Memorandum of understanding (MOU) : It is much _______________ than a contract.

less formal

statements about maintaining exit routes: There should be adequate _____________ for each exit route.

lighting

Compliance with NFPA codes is not ______________.

mandatory (unless a jurisdiction adopts a given NFPA code into its own law)

There can be _________ under one MSA.

multiple SOWs

Government regulations are _________ legally binding obligations in the IT world.

not the only

statements about maintaining exit routes: It should be free of decorations or signs that _________________ of the exit door.

obscure the visibility

statements about Memorandum of understanding (MOU) : It outlines the terms and details of each party's _______________________.

requirements and responsibilities

Components of the NIST Framework for Improving Critical Infrastructure Cybersecurity: Recovery processes and procedures are executed and maintained to ensure _______________ of systems or assets affected by cybersecurity events.

timely restoration

According to OSHA, employers must provide _____________ upon initial assignment and at least annually for employees who use fire extinguishers.

training

statements about maintaining exit routes: It should be clearly _________________ by a sign reading "Exit."

visible and marked

Full backups

where all data is copied to a designated backup location or medium
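Worked example, added here and not part of the original study set: a small simulation of the three backup types covered in the cards above (full, differential, incremental) over four days of constructed file changes, showing what each backup set contains, how much storage the whole chain consumes, and which sets must be read back to restore. File names, sizes and the day-0 full backup are assumptions made for this example, and file deletions are not modelled.

```python
"""Added example (not from the original study set): simulate full, differential
and incremental backups over constructed daily file changes."""

# Constructed daily snapshots of a small file set: {path: (version, size_kb)}.
# Day 0 is the full backup; a backup of the chosen type runs every day after.
DAYS = [
    {"a.db": (1, 500), "b.log": (1, 50), "c.cfg": (1, 5)},                    # day 0 (full)
    {"a.db": (2, 520), "b.log": (1, 50), "c.cfg": (1, 5)},                    # day 1
    {"a.db": (2, 520), "b.log": (2, 60), "c.cfg": (1, 5)},                    # day 2
    {"a.db": (3, 540), "b.log": (3, 70), "c.cfg": (1, 5), "d.txt": (1, 10)},  # day 3
]


def changed_since(current, baseline):
    """Files that are new, or whose version differs, relative to the baseline snapshot."""
    return {p: v for p, v in current.items() if baseline.get(p, (None, None))[0] != v[0]}


def size_kb(files):
    return sum(size for _, size in files.values())


def plan(days, scheme):
    """Backup sets for a chain: set 0 is the full backup, then one set per day.
    differential: everything changed since the last full backup (day 0)
    incremental:  everything changed since the previous day's backup"""
    if scheme not in ("differential", "incremental"):
        raise ValueError(scheme)
    sets = [dict(days[0])]
    for i in range(1, len(days)):
        baseline = days[0] if scheme == "differential" else days[i - 1]
        sets.append(changed_since(days[i], baseline))
    return sets


def total_size(sets):
    """Storage consumed by the whole chain, in KB."""
    return sum(size_kb(s) for s in sets)


def restore(sets, scheme, upto):
    """Rebuild the file set as it was at backup `upto`.
    differential: full + that one differential
    incremental:  full + every incremental up to and including `upto`, in order"""
    state = dict(sets[0])
    if scheme == "differential":
        if upto > 0:
            state.update(sets[upto])
    else:
        for s in sets[1:upto + 1]:
            state.update(s)
    return state


if __name__ == "__main__":
    for scheme in ("differential", "incremental"):
        sets = plan(DAYS, scheme)
        sizes = [size_kb(s) for s in sets]
        print(f"{scheme:12s} per-day KB {sizes} total {total_size(sets)} KB")
        assert restore(sets, scheme, 3) == DAYS[3]
```

With these constructed files the differential chain stores 555, 520, 580 and 620 KB (2275 KB in total) because each differential re-copies everything changed since the full backup, while the incremental chain stores 555, 520, 60 and 620 KB (1755 KB). The trade-off shows up at restore time: the differential restore needs only the full backup plus the latest differential, whereas the incremental restore must replay every incremental in order, so losing or corrupting one incremental breaks every restore point after it.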

