B. White box penetration test C

696
Chapter 15 
■
Security Assessment and Testing
18.
What port is typically open on a system that runs an unencrypted HTTP server?
A.
22
B.
80
C.
143
D.
443
19.
Which one of the following is the final step of the Fagin inspection process?
A.
Inspection
B.
Rework
C.
Follow-up
D.
None of the above
20.
What information security management task ensures that the organization’s data protection 
requirements are met effectively?
A.
Account management
B.
Backup verification
C.
Log review
D.
Key performance indicators

Chapter 
16
Managing Security 
Operations
The CISSP exaM TOPICS COvered In 
ThIS ChaPTer InClude:
✓
Domain 7: Security Operations
■
7.4 Securely provisioning resources
■
7.4.1 Asset inventory
■
7.4.2 Asset management
■
7.4.3 Configuration management
■
7.5 Understand and apply foundational security operations 
concepts
■
7.5.1 Need-to-know/least privileges
■
7.5.2 Separation of duties and responsibilities
■
7.5.3 Privileged account management
■
7.5.4 Job rotation
■
7.5.5 Information lifecycle
■
7.5.6 Service-Level Agreements (SLAs)
■
7.6 Apply resource protection techniques
■
7.6.1 Media management
■
7.6.2 Hardware and software asset management
■
7.9 Implement and support patch and vulnerability 
management
■
7.10 Understand and participate in change management 
processes
■
7.16 Address personnel safety and security concerns
■
7.16.1 Travel
■
7.16.2 Security training and awareness
■
7.16.3 Emergency management
■
7.16.4 Duress

The Security Operations domain includes a wide range of 
security foundation concepts and best practices. This includes 
several core concepts that any organization needs to implement 
to provide basic security protection. The first section of this chapter covers these concepts.
Resource protection ensures that resources are securely provisioned when they’re 
deployed and throughout their lifecycle. Configuration management ensures that systems 
are configured correctly, and change management processes protect against outages from 
unauthorized changes. Patch and vulnerability management controls ensure that systems 
are up-to-date and protected against known vulnerabilities.
Applying Security Operations Concepts
The primary purpose for security operations practices is to safeguard assets including 
information, systems, devices, and facilities. These practices help identify threats and 
vulnerabilities, and implement controls to reduce the overall risk to organizational assets.
In the context of information technology (IT) security, 
due care
and 
due diligence
refers 
to taking reasonable care to protect the assets of an organization on an ongoing basis. 
Senior management has a direct responsibility to exercise due care and due diligence. 
Implementing the common security operations concepts covered in the following sections, 
along with performing periodic security audits and reviews, demonstrates a level of due 
care and due diligence that will reduce senior management’s liability when a loss occurs.

Download 19,3 Mb.

Do'stlaringiz bilan baham: