Security+ - Domain 5 - Compliance and Operational Security (Study)

Card Set Information

Author: mpskeeter
ID: 310936
Filename: Security+ - Domain 5 - Compliance and Operational Security (Study)
Updated: 2015-11-04 22:01:47
Tags: Security Compliance Operational Study
Folders: Security+
Description: Security+ Domain 5 - Compliance and Operational Security (Study)

The flashcards below were created by user mpskeeter on FreezingBlue Flashcards.


  1. Order of Volatility
    • Register Cache
    • Routing Table Memory
    • Temporary File System (SWAP)
    • Disks or Other Storage Media
    • Remote Logging and Monitoring Data
    • Archival Media
  2. Exposure Factor (EF)
    % of loss experienced by a realized risk
  3. Single Loss Expectancy (SLE)
    SLE = Asset Value (AV) * Exposure Factor (EF)
  4. Annualized Rate of Occurrence (ARO)
    Frequency of Occurrence per Year
  5. Annualized Loss Expectancy (ALE)
    ALE = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)
  6. Backup Types
    • Full:
    •         Backs up all files regardless of the archive bit
    •         Archive bit reset (YES)
    • Incremental:
    •         Backs up files on which the archive bit is set to 1
    •         Backs up all newly created or modified files since last full or incremental backup
    •         Archive bit reset (YES)
    • Differential:
    •         Backs up files on which the archive bit is set to 1
    •         Backs up all newly created or modified files since last full backup
    •         Archive bit reset (NO)
    • Copy:
    •         Backs up all files regardless of the archive bit status
    •         Archive bit reset (NO)
  7. Full Backup
    • Backup:
    •         May take a long time to perform each backup
    •         May require large tapes for each backup
    • Restore:
    •         Restore only the last backup
    •         Takes the longest to perform backup, but is the fastest method to make a complete restore
  8. Full + Incremental
    • Backup:
    •         Fastest backup method
    • Restore:
    •         Restore the last full backup then every subsequent incremental backup
    •         Provides a good balance between backup and restore times
  9. Full + Differential
    • Backup:
    •         Takes progressively longer to complete, as time elapses since the last full backup
    • Restore:
    •         Restore the last full backup, then the last differential backup
    •         Next to a full backup, this is the fastest restore method
  10. Security Control Types
    • Technical
    • Management
    • Operational
  11. Technical Controls
    • Enhances security of the network
    • Examples:
    •         User Authentication
    •         Firewall
    •         Antivirus
    •         Encryption
    •         Logical Controls
    •         Access Controls
    •         Audit Accountability
    •         Authentication + Identification
    •         Security Systems
    •         System + Communication
    •         Network Access Control (NAC)
    •         RADIUS
    •         TACACS+
  12. Management Controls
    • Policy + Procedures
    • Examples:
    •         Security Awareness program
    •         Program Management
    •         Security Assessment
    •         Planning
    •         Risk Assessment
    •         Systems + Services Acquisition
    •         Hiring Practices
    •         Background Checks
  13. Operational Controls
    • How people in the organization should handle data, software and hardware
    • Examples:
    •         Configuration Management (Device Configuration)
    •         Contingency Planning
    •         Awareness Training
    •         Incident Response
    •         Maintenance
    •         Media Protection
    •         Physical:
    •                 Doors
    •                 Guards
    •                 Locks
    •                 Surveillance Systems
    •                 Proper Lighting
    •                 Barricades
    •                 Mantrap
    •         Environmental:
    •                 Smoke Detectors
    •                 Fire Detectors
    •                 Alarms
    •                 Sensors
    •                 Flood Detectors
    •                 Fire Extinguishers
    •                 Temperature and humidity control systems
    •                 Emergency backup power
    •                 Hazard Vulnerability Testing
  14. Risk Mitigation Countermeasures
    • Risk Avoidance
    • Risk Transference
    • Risk Acceptance
    • Risk Deterrence
    • Risk Mitigation
  15. Heating, Ventilation, Air Conditioning (HVAC)
    • Temperature:
    •                 Between 60° and 75°
    • Humidity:
    •                 Between 40% and 60%
    •                 Electrostatic damage (<40%)
    •                 Condensation/corrosion (>60%)
  16. High Availability
    • 99.999%
    • five 9's rule
  17. Steps to Incident Response
    • 1 Preparation
    • 2 Identification
    • 3 Containment
    • 4 Eradication
    • 5 Recovery
    • 6 Follow up
  18. Service Level Agreement (SLA)
    • Agreement between you or your company and a service provider
    • Can include:
    •                 Mean Time Between Failures (MTBF)
    •                 Mean Time To Repair (MTTR)
    •                 Maximum Tolerable Downtime (MTD)
    •                 System utilization rates
    •                 System up-times
    •                 Volume of transactions
  19. Business Continuity Planning (BCP)
    • Maintain business operations with reduced or restricted infrastructure
    •                 Avoid/Remove Single points of failure
    •                 Properly plan and test your BCP
    •                 Continuity of operations
    •                 Disaster Recovery
    •                 Succession Planning
  20. Fire Suppression
    • Class C:
    •      Electrical, Wires, Equipment
    •      CO2, Halon or dry powder, Argonite, FE-13, FM-200
