April 4 Jobs

Source: Internet
Author: User


First, change management

1. What is the principle of change management?

A: The principle of change management is to first establish the project baseline, change process and Change Control Committee.

2. Which configuration tools are more commonly used in China?

Answer: Rational ClearCase, Visual SourceSafe and Concurrent Versions System.

3. Is CCB a decision-making body or an operating institution?

Answer: It is the decision-making body.

4. What is the role of the project manager in a change?

A: Mainly to respond to the requirements of the change, assess the impact of the change on the project and the response plan, translate the requirements from technical requirements into resource requirements for the authorized person to decide on, and, according to the result, adjust the project benchmark to ensure that it reflects the implementation of the project.

5. What is the working procedure for a change? (Remember)

A: Submit and accept the change request; preliminary review of the change; argumentation of the change plan; review by the project change committee; issue the change notice and start implementation; monitor the change implementation; evaluate the change effect; determine whether the project is back on the right track after the change.

6. What is the purpose of the preliminary review? (Remember)

A: 1) Exert influence on the person proposing the change, confirm the necessity of the change, and ensure the change is valuable.

2) Format check and integrity check, to ensure that the information required for evaluation is fully prepared.

3) Reach consensus among stakeholders on the change information submitted for evaluation.

4) The common method of preliminary change review is the audit workflow for the change request document.

7. What aspects does the evaluation of the change effect cover?

A: 1) The primary basis for evaluation is the project benchmark.

2) It is also necessary to refer back to the original intention of the change to see whether the purpose of the change has been achieved.

3) Evaluate the gap between the technical and economic argumentation in the change plan and the implementation process, and push forward a solution.

8. When can changes be handled in batches and by priority in order to improve efficiency?

A: When the project as a whole is under pressure, more emphasis should be placed on the proposed change and processing should be standardized; changes can be processed in batches, by priority, and in other ways to improve efficiency.

9. When the project is small and has little association with other projects, change handling should be concise and efficient. Which three points need attention?

A: 1) Exert influence on the factors that cause changes: prevent unnecessary changes, reduce unnecessary evaluation, and improve the efficiency with which necessary changes are adopted.

2) The confirmation of the change shall be formalized.

3) The operating procedure of the change should be normalized.

10. What topics should be included in the control of schedule changes? Remember

A: 1) Determine the current status of the project progress.

2) Exert influence on the factors that cause schedule changes.

3) Find out whether the progress has changed.

4) Manage the actual changes as they occur.

11. What are the topics for controlling cost changes?

A: 1) Exert influence on the factors that cause changes to the cost benchmark.

2) Ensure that the change request is approved.

3) Manage the actual changes when they occur.

4) Ensure that potential cost overruns do not exceed the authorized project stage funds and overall funds.

5) Supervise cost performance and find deviations from the cost benchmark.

6) Accurately record all deviations from the cost benchmark.

7) Prevent erroneous, inappropriate or unapproved changes from being included in the expense or resource usage report.

8) Notify interested parties of the validated changes.

9) Take measures to keep anticipated cost overruns within an acceptable range.

12. Please describe the difference between change management and configuration management.

A: If the project as a whole is treated as a configuration item, configuration management can be seen as a system for project integrity management, and change management may be considered as part of the project baseline adjustment. Change management and configuration management can also be viewed as two associated sets of mechanisms: change management is called by the configuration management system when a project deliverable or baseline configuration is adjusted, and change management should ultimately feed its results back to the configuration management system to ensure that project execution is consistent with the project's accounts.

Second, security management

1. What is the information security triad?

Answer: Confidentiality, integrity, availability.

2. How is the confidentiality of data generally achieved?

Answer: Network security protocols, authentication services, encryption services.

3. What are the technologies that ensure data integrity?

A: Non-repudiation of message source, firewall system, communication security, intrusion detection system

4. What are the technologies that ensure availability?

Answer: Disk and system fault tolerance and backup, acceptable login and process performance, reliable functional security processes and mechanisms.

5. In ISO/IEC 27001, the content of information security is summed up in which 11 aspects?

A: Information security policy and strategy, organization of information security, asset management, human resources security, physical and environmental security, communications and operational security, access control, information system acquisition, development and maintenance, information security incident management, business continuity management, compliance.

6. What is business continuity management?

A: Prevent business disruptions, protect critical business processes from significant information system failures or disasters, and ensure that they are restored in a timely manner. The loss of information assets is restored to an acceptable level through the combination of prevention and recovery controls. Business continuity plans should be established and implemented to ensure the timely recovery of basic operations. Information security should be an integral part of the overall business continuity process and other management processes within the organization, and in addition to the general risk assessment process, new business management should include identifying and mitigating risk control measures, limiting the impact of harmful events, and ensuring that the information required by the business process is readily available.

7. What are the security technologies commonly used in the application system?

Answer: Minimum authorization principle, anti-exposure, information encryption, physical encryption.

8. What are the main factors that affect information integrity?

A: Equipment failure; errors (errors generated during transmission, processing and storage, errors caused by reduced timing stability and precision, and errors caused by various sources of interference); human attacks; and computer viruses.

9. What are the main methods to ensure the integrity of the application system?

A: Protocols, error correction coding methods, cryptographic checksum methods, digital signatures, notarization.

10. Which property is generally measured by the ratio of the system's normal usage time to its entire working time?

Answer: Availability.

11. In the security management system, in what order should security management bodies at different security levels gradually establish their own information security organization management system?

A: Assign security administrators, establish security functions, establish a security leadership team, have the main responsible person take the lead, and establish an information security and confidentiality management department.

12. In the list of information system security management elements, which families does the risk management class include? Which families does the business continuity management class include?

A: The risk management class includes the families: risk management requirements and strategies, risk analysis and assessment, risk control, risk-based decision-making, risk assessment management.

The business continuity management class includes the families: backup and recovery, security event handling.

13. How does GB/T 20271-2006 describe the information system security technology system?

Answer: Physical security, operational security, data security.

14. For power supply, what are emergency power supply, regulated power supply, power protection and uninterrupted power supply?

A: Emergency power supply: configure basic, improved or stronger equipment to withstand voltage shortage, such as basic UPS, improved UPS, multi-level UPS and emergency power supply (generator set).

Regulated power supply: use a line voltage regulator to prevent voltage fluctuations from affecting the computer system.

Power protection: set up power protection devices such as metal oxide varistors, diodes, gas discharge tubes, filters, voltage regulator transformers and surge filters to prevent or reduce power failures.

Uninterrupted power supply: use an uninterrupted power supply to prevent voltage fluctuations, electrical interference, power outages and other adverse effects on the computer system.

15. What does access control over personnel entering, leaving and operating in the computer room include?

A: The person responsible for computer room security management should be clearly designated, and access to the computer room should be the responsibility of designated personnel. Unauthorized personnel are not allowed to enter the computer room; those who are allowed in should have their scope of activities limited and be accompanied by reception staff. Computer room keys are managed by a designated person, and without approval no one may copy the computer room key or the server power-on key. Without the clear permission of the designated manager, no recording media, documents or protected products of any kind may be taken out of the computer room, and items unrelated to work may not be brought in. Smoking and bringing fire or water sources into the computer room are prohibited. All visitors should go through official approval, and the registration records should be kept properly for future reference. Persons admitted into the computer room are prohibited from carrying electronic equipment such as personal computers into it, their scope of activities and operating behavior are limited, and they are escorted by the computer room reception staff.

16. For electromagnetic compatibility, what does leakage protection for computer equipment include?

A: Computer equipment that needs protection against electromagnetic leakage should be equipped with electromagnetic interference equipment, which must not be switched off while the protected computer equipment is operating; if necessary, a shielded machine room can be used. The door of a shielded room should be kept closed at all times; no nails or holes should be driven into the shielding walls; no cable may connect the inside and outside of the shielded room except through a waveguide or filter; and the shielded room should be tested regularly for leakage and maintained as necessary.

17. Which key positions are managed in a unified way, with one person allowed to hold several posts, except that business application operators cannot be drawn from other key positions?

A: Key information system personnel such as security administrators, system administrators, database administrators, network administrators, key business developers, system maintenance personnel and important business application operators are managed in a unified way. One person may hold several posts, but business application operators cannot concurrently be personnel from other key positions.

18. Which positions can business developers and system maintenance personnel not hold concurrently?

A: Business developers and system maintenance personnel cannot act as a security officer, system administrator, database administrator, network administrator, or work as a key business application operator.

19. Application system operation involves four levels of security. What are they, ordered by granularity from coarse to fine? (Remember)

A: The four levels of security, ordered by granularity from coarse to fine, are: system-level security, resource access security, functional security, data domain security.

20. What is system-level security?

A: Isolation of sensitive systems, restrictions on access IP address ranges, login time limits, session time limits, limits on the number of connections, limits on the number of logins within a given period, remote access control, and so on. System-level security is the first line of protection for the application system.

22. What is resource access security?

A: Security control of access to program resources: on the client, provide users with a user interface matching their permissions, showing only the menus and action buttons for which they have permission; on the server side, apply access control to URL program resources and to business service class methods.

23. What is functional security?

A: Functional security affects the program flow, for example whether a user's operation on business records requires review, or that uploaded attachments cannot exceed a specified size.

24. What is data domain security?

A: Data domain security includes two levels: row-level data domain security, that is, which business records users can access; and field-level data domain security, that is, which fields of business records users can access.

25. What is the scope of the system operation security check and record?

A: 1) Access control check of the application system: includes physical and logical access controls, whether access rights are added, changed and cancelled according to prescribed policies and procedures, and whether the allocation of user rights follows the "least privilege" principle.

2) Log check of the application system: includes database logs, system access logs, system processing logs, error logs and exception logs.

3) Availability check of the application system: includes system outage time, system normal service time, system recovery time, etc.

4) Capability check of the application system: includes system resource consumption, system transaction speed and system throughput.

5) Security operation check of the application system: whether users access and use the application system in accordance with the relevant information security policies and procedures.

6) Maintenance check of the application system: whether maintenance problems are resolved within the stipulated time, whether they are solved correctly, whether the process of solving them is effective, etc.

7) Configuration check of the application system: check that the configuration of the application system is reasonable and appropriate, and that each configuration component is functioning as it should.

8) Malicious code check: whether malicious code such as viruses, Trojan horses or covert channels has caused data loss, corruption, illegal modification, information disclosure, etc. in the application system.

26. Into which levels is classified information divided according to the relevant provisions?

A: Top secret, confidential and secret.

27. The reliability level is divided into which three levels?

A: Class A has the highest reliability requirements, Class C is the minimum reliability required for system operation, and Class B lies in between.

