Chapter 14
MSA (master service agreement)
Simplifies the process for future subsequent agreements
SOW
Statement of Work
What is used to define deliverables, schedules and time lines, and roles and responsibilities?
Statement of work
Biometric systems
Systems that measure and analyze specific characteristics of the human body for the purpose of authentication
Differential backup
Takes less time and less storage space
Full backup
Takes up a large amount of storage space if archives need to be kept. Takes a long time, depending on the size of the source.
Why are FERPA and HIPAA important to IT staff?
The information is typically stored on servers, which is the responsibility of IT personnel.
What is a service level agreement?
A formal agreement typically between a service provider and a client or an end user
Hot
A full-blown operational facility with power, cooling, and equipment racked, powered up and connected to the network
What is an MOU, and what is its purpose?
A memorandum of understanding, or MOU, is a formal agreement between two or more parties that establishes an official service partnership.
Which of the following is not part of the NIST Framework for Improving Critical Infrastructure Cybersecurity?
Anomalous activity is detected within a one-month period, and the potential impact of events is understood.
How does FERPA define education records?
FERPA defines education records as those that are directly related to a student and that are maintained by an educational agency or institution or a party acting for or on behalf of the agency or institution
According to OSHA, portable fire extinguishers can be operated by anyone.
False
Compliance with NFPA is mandatory.
False
FERPA
Family Educational Rights and Privacy Act
FISMA
Federal Information Security Management Act
What are international export controls?
Federal laws and regulations governing the export of materials, data, technical information, services, technologies, software, and hardware to foreign countries based on national security, foreign policy, and trade sanctions
Say that you are working for a loan company. Your loan officers often dispose of the client paperwork by throwing it away in a trash can. What compliance regulation may your company be violating?
GLBA
GLBA
Gramm-Leach-Bliley Act
HIPAA
Health Insurance Portability and Accountability Act
HVAC
Heating, Ventilation and Air Conditioning
Which of the following types of disaster recovery sites is a full-blown operational facility with power, cooling, and equipment racked and powered up, with network connectivity?
Hot site
What is meant by the term high availability related to information technology systems?
It refers to information technology systems that are in continuous operation for a long time, with minimal downtime.
The following are correct statements about maintaining exit routes:
It should be free of explosive or highly flammable furnishings and other decorations. There should be adequate lighting for each exit route. It should be clearly visible and marked by a sign reading "Exit." It should be free of decorations or signs that obscure the visibility of the exit door. It should be maintained and available at all times.
What is the purpose of 29 CFR 1910.37?
It specifies requirements for employers to properly maintain exit routes in order to prepare the workplace for successful emergency evacuation and minimize further danger to employees.
A master license agreement defines which of the following?
Licensing restrictions and the liabilities and/or penalties associated with violation; how software can be used and distributed; the owner rights, terms, and conditions of the intellectual property
SLA
Service Level Agreement
Which of the following are types of service agreements?
Service level agreement (SLA), master service agreement (MSA), statement of work (SOW), acceptable use policy (AUP), memorandum of understanding (MOU)
What is a cold site related to information technology?
A cold site is an empty disaster recovery facility with only power and cooling but no equipment or racks.
Warm
A not-yet-operational facility with power, cooling, and rack space, and the equipment is onsite but not racked or powered up
CFR
Code of Federal Regulations
What policy informs users of proper system usage?
Acceptable use policy
Which of the following types of disaster recovery sites is an empty facility with only power and cooling but no equipment or racks?
Cold site
Cold
An empty facility with only power and cooling, but no equipment or racks
Provide a definition of an exit route, as defined by 29 CFR 1910.36.
An exit route is a continuous and unobstructed path of travel from any area within a workplace to a place of safety
SLA (service level agreement)
Defines the level of service expected from the service provider
MLA (master license agreement)
Defines the owner rights, terms, and conditions related to intellectual property
Which of the following are steps in an incident response plan?
Eradication, Containment, Identification, Preparation, Follow-up, Recovery
What type of backup includes all data that has changed since the last full backup?
Differential backup
EAP
Emergency Action Plan
Incremental backup
Includes data that has changed since the previous backup copy. Takes the least time and the least storage space.
How is the IT part of an organization involved with the regulations defined by FERPA, FISMA, GLBA, HIPAA, and PCI DSS?
Information technology plays a very important role in fulfilling these mandates, as the data that these regulations aim to protect is stored in some database or server, processed by some software application, and transmitted on some network.
Which of the following is a prime example of a service commonly covered by an SLA?
Internet service
What is the purpose of an emergency action plan?
It facilitates and organizes employer and employee actions during workplace emergencies.
The following are correct statements about MOU:
It is a formal agreement between two or more parties to establish official service partnerships. It outlines the terms and details of each party's requirements and responsibilities. It is sometimes called a LOI (letter of intent) because it can be followed with a legally binding contract. It is much less formal than a contract. Many IT organizations use MOUs to create guidelines with one another.
What is a disaster recovery site?
It is a place where mission-critical systems can be housed to bring the organization back up and running in the event of a disaster.
What is the purpose of role separation in computer networking?
It is a practice of separating tasks and assigning them to different responsible groups or employees, thereby limiting full control of a service or information and eliminating conflicts of interest.
What is the name for a formal agreement between two or more parties to establish official service partnerships?
MOU, or memorandum of understanding
Which of these documents should be reviewed in preparation for an OSHA inspection?
MSDS, EAP
Which of the following is a metric that measures a system's reliability by identifying the average time between failures?
MTBF
Which of the following is a metric that predicts the equipment runtime before a failure requires the equipment to be replaced?
MTTF
Which of the following is a metric that measures the average time it takes to bring a system back from failure?
MTTR
A network technician is setting up access for an HVAC technician to do maintenance in the server room. What safeguards need to be in place?
Make sure all servers are fully password protected.
MLA
Master License Agreement
MSA
Master Service Agreement
What type of agreement is used when entering into a long negotiation of services when multiple contracts or agreements might be needed?
Master service agreement
MSDS
Material Safety Data Sheets
MTTR (Mean Time to Recover or Repair)
Measures the average time it takes to bring a system back from failure
MTBF (Mean Time Between Failure)
Measures the system's reliability by identifying the average time between failures
SDS
Safety Data Sheets
NFPA
National Fire Protection Association
Related to IT, the acceptable use policy outlines which of the following?
Network, use of computer equipment, Internet
NDA
Non-Disclosure Agreement
What is an NDA?
Non-disclosure agreement: a legal agreement to bind a party or parties to not disclose or not share specific information
OSH Act
Occupational Safety and Health Act
OSHA
Occupational Safety and Health Administration
Name a compliance standard that is not a federal regulation.
PCI DSS
PCI DSS
Payment Card Industry Data Security Standard
HA has been widely deployed in power management. Why is this?
Power loss creates a big disruption in business continuity. Power management has used HA to supply electrical power from two or more different sources or separate feeds from the electrical company, sometimes known as redundant circuits. Also, to create power redundancy, the system can be connected to a backup power source such as a UPS (uninterruptible power supply) or battery backup.
MTTF (Mean Time to Failure)
Predicts the equipment runtime before a failure requires the equipment to be replaced
The steps of the incident response policy
Preparation, Identification, Containment, Eradication, Recovery, Follow-up
NDA (non-disclosure agreement)
Protects confidential information, proprietary information, intellectual property, or trade secrets
FISMA (Federal Information Security Management Act)
Protects government information, operations, and assets against security threats
FERPA (Family Educational Rights and Privacy Act)
Requires all educational institutions to protect the privacy of student education records
GLBA (Gramm-Leach-Bliley Act)
Requires all financial institutions to protect customer financial information data to safeguard the financial information against security threats
HIPAA (Health Insurance Portability and Accountability Act)
Requires all health-related agencies to protect the PII (personally identifiable information) of patients
Which of the following is a critical component in avoiding accidents by identifying potential hazards?
SDS
Say that your company has suffered an Internet outage for two straight days, and you want to take legal action against the Internet service provider. What is the document you must review before pursuing legal action?
SLA
How do SLAs differ from MOUs?
SLAs do not contain details regarding how a service will be provided or delivered, nor do they provide operational guidelines.
What is FERPA?
The Family Educational Rights and Privacy Act
Which of the following are components of the NIST Framework for Improving Critical Infrastructure Cybersecurity?
The information system and assets are monitored at discrete intervals to identify cybersecurity events and verify the effectiveness of protective measures. Recovery processes and procedures are executed and maintained to ensure timely restoration of systems or assets affected by cybersecurity events. The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals. Information and records (data) are managed consistent with the organization's risk strategy to protect the confidentiality, integrity, and availability of information. Security policies (that address purpose, scope, roles, responsibilities, management commitment, and coordination among organizational entities), processes, and procedures are maintained and used to manage protection of information systems and assets.
What is the purpose of a service agreement relative to the IT world?
This type of agreement specifies many criteria, which include but are not limited to the nature, description, and scope of a service as well as how the service will be governed, implemented, operated, tested, reported, and financed.
Why do organizations use MOUs?
To create guidelines with one another as they contribute their efforts and resources toward important projects or for sharing or exchanging of IT services without having to enter into a detailed and complex process of contracts
What is OSHA's mission?
To oversee and enforce safety standards in the workplace
An organization's written FPP must be available to employees and kept at the workplace.
True
Every employer must comply with all applicable OSHA standards.
True
The only exception to the rule of having a written emergency action plan (EAP) is when an employer has 10 or fewer employees.
True
There can be multiple SOWs under one MSA.
True
Door access to an organization's server room is being scheduled. Which of the following are best practices for door access control?
Use biometrics. Require a proximity reader. Require key fobs.
FPP
Fire Prevention Plan
MOU
Memorandum of Understanding