Test Tips




The following operational/organizational Test Tips are in place to give you a much-needed edge in the exam room. Focus on them well, for they may be the keys to your success. Please remember that some of these tips are not mentioned in the chapter. Some of them come from hands-on experience; others are from important security conceptual references.

  • Penetration testing is used to see how susceptible a current environment is to risk and vulnerability. This testing is often done with an attacker's perspective in mind.

  • In operational security management terms, the protection of Confidentiality, Integrity, and Availability make up what is known as the CIA Triad.

  • CCTVs (closed-circuit televisions) are often used in combination with surveillance cameras as physical security monitoring devices. CCTVs' signals use private channels to provide a signal from the TV to the camera. They do not broadcast signals to public areas.

  • The exam is likely to confront you with the proper suppression methods that should be implemented in case of a fire.

  • The best way to protect the information stored on portable systems such as laptop computers, PDAs and wireless cell phones is to use encryption if possible.

  • Secured doors should be resistant to forcible entry and should unlock automatically in the case of an emergency. It is very important that you know this for the exam.

  • The goal of a solid disaster recovery plan is to provide proper policies, procedures, and documentation for backup and restoration of facilities and data in the event of an emergency.

  • A GFS backup strategy provides the fastest and easiest restore.

  • In order to define and implement a solid BCP, the first step is to define and document the goals that the BCP is expected to achieve. This includes identifying which of the company's functions are essential to daily operations and possibly at risk.

  • Many modern-day operating systems, such as certain versions of Microsoft Windows and Linux, offer the ability, through software, to implement server or resource clustering.

  • SLAs are agreements or contracts between vendors of services or products that specify what the service agreement will provide.

  • A Disaster Recovery Plan (DRP) focuses on the implementation of procedures that should be followed during and after a disaster. A Business Continuity Plan (BCP) focuses on prevention and how a disaster affects the overall business plan of an enterprise.

  • Building and network access should be granted to new employees based on their specific roles. The principle of least privilege should be considered with new as well as existing employees.

  • When an employee is terminated or leaves a company, all physical and logical access should be denied for the individual.

  • Two-Factor SSO is often a better way to go in order to provide better security in a Single Sign-On environment. With Two-Factor SSO, a user provides an ID and a password combination and is also required to authenticate with a token or biometric device.

  • Change Documentation is needed to preserve the integrity of a program, network, system, or business when changes are needed and made to the configurations, policies, or documentation in general.

  • A chain of custody must be in place to ensure that it is always known where the evidence is physically located and who has possession of it.

  • If potential evidence is corrupted, damaged, or not handled with Due Care, the evidence might not be admissible in a court of law.

  • With qualitative risk analysis, threats and vulnerabilities are analyzed and defined. Then, controls are put into place to reduce or offset possible risks.

  • With quantitative risk analysis, risks are guessed and money and/or insurance are appropriated as a means to offset the risk.

  • Proper notification documentation should include emergency contact information for all company managers, security personnel, Human Resource personnel, network and disaster recovery teams (both local site and enterprise-wide if necessary), and building maintenance.

  • You will be tested on the proper document handling and document destruction basics. Know them.






The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
EAN: 2147483647
Year: 2003
Pages: 136
