Soft examinations High Students: April 4, 2016 jobs

Source: Internet
Author: User
Tags least privilege

First, change management
1. What does the principle of change management require first?

A: First establish the project baseline, change process and change Control Committee (also known as the Change Management Committee).


2. Which configuration tools are more common in China? (3)

A: Rational ClearCase, Visual SourceSafe, and Concurrent Versions System.


3. Is CCB a decision-making body or an operating institution?

A: CCB is a decision-making body, not an operating agency.


4. What is the role of the project manager in the change?

A: Respond to the change request, assess the impact of the change on the project and the response plan, convert the requirements from technical requirements into resource requirements for the authorized person to decide on, and, according to the results, implement the project baseline to ensure that the project baseline reflects project implementation.


5. What is the working procedure for a change? (Remember)

A:

(1) Submit and receive the change request.

(2) Preliminary examination of the change.

(3) Argumentation of the change plan.

(4) Review by the project Change Control Committee.

(5) Issue notice of change and commence implementation.

(6) Monitoring of change implementation.

(7) Evaluation of the effect of the change.

(8) Determine whether the project has returned to its normal track after the change.


6. What is the purpose of the preliminary examination of a change? (Remember)

A:

(1) Exert influence on the change initiator, confirm the necessity of the change, and ensure that the change is valuable.

(2) Format check and integrity check, to ensure that the information required for evaluation is fully prepared.

(3) Reach a consensus among stakeholders on the change information submitted for evaluation.

(4) The common way to carry out the preliminary examination of a change is the review flow of the change application document.


7. What are the various aspects of the evaluation of the effect of change?

A:

(1) The primary assessment basis is the project benchmark.

(2) It is also necessary to combine the original intention of the change to see whether the purpose of the change has been achieved.

(3) Evaluate the gap between the technical and economic argumentation in the change plan and the implementation process, and advance a solution.


8. When can changes be handled in batches and by priority in order to improve efficiency?

A: When the project as a whole is under pressure; more emphasis should then be placed on standardizing how changes are proposed and processed.


9. When the project is small and has little association with other projects, changes should be simple and efficient. Which three points need attention?

A:

(1) Exert influence on the factors that cause the change.

(2) The confirmation of the change shall be formalized.

(3) The operation process of the change should be standardized.


10. What topics should be included in the control of schedule changes? (Remember)

A:

(1) Determine the current status of the project progress.

(2) Exert influence on the factors causing the change of schedule.

(3) Ascertain whether the progress has been changed.

(4) Manage the actual changes as they occur.


11. What topics are included in the control of cost changes?

A:

(1) Influence factors that cause cost benchmark changes.

(2) Ensure that the request for change is agreed.

(3) When changes occur, manage these actual changes.

(4) Ensure that potential cost overruns do not exceed the overall funding of the authorized project phase.

(5) Supervise the cost performance and find out the deviation from the cost benchmark.

(6) Accurately record all deviations from the cost benchmark.

(7) Prevent erroneous, inappropriate or unapproved changes from being included in the expense or Resource Usage report.

(8) Notify interested parties of the validated changes.

(9) Take measures to control the anticipated cost overruns within an acceptable range.


12. Please describe the difference between change management and configuration management.

A:

(1) If the project as a whole is regarded as a project configuration item, configuration management can be considered a system for managing project integrity, with change management as the part of it used when the project baseline is adjusted.

(2) Change management and configuration management can also be viewed as two sets of mechanisms: change management is called by the configuration management system when project deliverables or the baseline configuration are adjusted, and change management should eventually feed its results back to the configuration management system to ensure that project execution is consistent with the project's accounts.


Second, security management
1. What is the information security triad?

A: The confidentiality, integrity, and availability of the data.


2. How is the confidentiality of data generally achieved?

A: Network security protocols, network authentication services, and data encryption services.


3. What are the technologies that ensure data integrity?

A: Non-repudiation of message source, firewall system, communication security and intrusion detection system.


4. What are the technologies that ensure availability?

A:

(1) Fault tolerance and backup of disk and system.

(2) Acceptable login and process performance.

(3) Reliable and functional security processes and mechanisms.


5. In ISO/IEC 27001, the content of information security management is summed up in which 11 aspects?

A:

(1) Information security policy and strategy.

(2) Organization of information security.

(3) Asset Management.

(4) Human resources security.

(5) Physical and environmental safety.

(6) Communication and Operation safety.

(7) Access control.

(8) Acquisition, development and maintenance of information systems.

(9) Information security time management.

(10) Management of business continuity.

(11) Compliance.


6. What is business continuity management?

A: Prevent disruption of business activities, protect critical business processes from significant information system failures or disasters, and ensure their timely recovery.


7. What are the security technologies commonly used in the application system?

A:

(1) Minimum authorization principle.

(2) Anti-exposure.

(3) Information encryption.

(4) Physical encryption.


8. What are the main factors that affect information integrity?

A: Equipment failure, errors (errors generated during transmission, processing and storage; errors caused by timing stability and accuracy; errors caused by various sources of interference), human attacks and computer viruses.


9. What are the main methods to ensure the integrity of the application system?

A:

(1) Agreement.

(2) Error correcting coding method.

(3) Password check and method.

(4) Digital signature.

(5) Notarization.


10. Which property is generally measured by the ratio of the system's normal use time to its entire working time?

Answer: Availability.


11. In the security management system, in what order should security management organizations of different security levels gradually establish their own information security organization and management system?

A: ① Assign security management personnel → ② set up a security responsibility department → ③ set up a security leadership group → ④ the principal person in charge takes the lead → ⑤ establish an information security management department.


12. In the list of information system security management elements, which families does the "Risk management" category include? Which families does the "Business continuity management" category include?

A:

(1) Risk management includes the following families: risk management requirements and strategies, risk analysis and assessment, risk control, risk-based decision-making, and risk assessment management.

(2) Business Continuity management includes the following families: Backup and recovery, security event handling, and emergency handling.


13. How does GB/T 20271-2006 describe the information system security technology system? (first-level headings only)

A:

(1) Physical security.

(2) Safe operation.

(3) Data security.


14. For power supply, what are emergency power supply, regulated power supply, power protection and uninterrupted power supply?

A:

(1) Emergency power supply: configure basic, improved or stronger equipment to withstand voltage shortage, such as a basic UPS, an improved UPS, a multi-level UPS and an emergency power (generator) set.

(2) Regulated power supply: the use of line voltage regulator to prevent the impact of voltage fluctuations on the computer system.

(3) Power protection: Set up power protection devices, such as metal oxide variable resistors, diodes, gas discharge tubes, filters, voltage regulator transformers and surge filters to prevent/reduce power failure.

(4) Uninterrupted power supply: the use of uninterrupted power supply, to prevent voltage fluctuations, electrical interference and power outages and other adverse effects on the computer system.


15. What does access control over personnel entering and leaving the computer room, and over their scope of operation, include?

A:

(1) The person responsible for computer room security management should be clearly designated, a designated person should be responsible for room access, and unauthorized personnel are not allowed to enter the room.

(2) Visitors who are permitted to enter the computer room shall be limited in scope of activities and accompanied by the reception staff.

(3) The room key is managed by a designated person; without approval, no one is allowed to copy the computer room key or the server boot key.

(4) Without the explicit permission of the designated management personnel, any recording media, document materials and a variety of protected products are not allowed to be taken out of the room, and work-related items are not allowed into the room.

(5) Smoking in the computer room and bringing fire or water into it are strictly forbidden.

(6) All visiting personnel shall be required to be duly approved and the records of registration shall be kept for future reference.

(7) Personnel authorized to enter the computer room should generally be prohibited from carrying personal computers and other electronic equipment into the room; their scope of activities and operation should be limited, and the computer room reception personnel are responsible for escorting them.


16. For electromagnetic compatibility, what does leakage prevention for computer equipment include?

A:

(1) Computer equipment that needs protection against electromagnetic leakage should be equipped with electromagnetic interference equipment; while the protected computer equipment is in use, the electromagnetic interference equipment must not be shut down. If necessary, a shielding room can be used.

(2) The shielding door of the shielding room should be kept closed at all times; do not drive nails or drill holes into the shielding wall, and do not connect any cable between the inside and outside of the shielding room other than through the waveguide or the filter.

(3) The leakage of the shielding room should be tested frequently and the necessary maintenance should be carried out.


17. Which key-position personnel are managed in a unified way, with one person allowed to hold more than one post, except that business application operator posts cannot be held concurrently by personnel in other key positions?

A: Security administrators, system administrators, database administrators, network administrators, key business developers, System maintainers, and key business application functional operators.


18. Which positions can business developers and system maintenance personnel not hold, concurrently or otherwise?

A: Security administrators, system administrators, database administrators, network administrators, key business application function operators.


19. Application system operation involves four levels of security. What are they, sorted by granularity from coarse to fine? (Remember)

Answer: System-level security, resource access security, functional security, and data domain security.


20. What is system-level security?

A: Isolation of sensitive systems, restrictions on access IP address segments, limits on logon periods, session time limits, number of connections, restrictions on logon times during a specific period of time, and remote access control.


22. What is resource access security?

A: Security control of access to program resources. On the client side, users are given a user interface that matches their permissions, showing only the menus and action buttons for which they have the corresponding permissions. On the server side, access to URL program resources and calls to business service class methods are controlled.


23. What is functional security?

A: Functional security can have an impact on the program flow, such as whether an audit is needed when the user operates on a business record, and whether uploaded attachments exceed the specified size. These security restrictions are not an entry-level limitation, but a limitation within a program's process, which in some way affects the running of the program flow.


24. What is data domain security?

A: It is divided into two levels. The first is row-level data domain security, that is, which business records users can access, generally filtered by the user's unit. The second is field-level data domain security, that is, which fields of business records users can access.


25. What is the scope of the system operation security check and record? (and describe each of the contents)

A:

(1) The access control check of the application system. Includes physical and logical access controls, whether to increase, change, and cancel access rights according to prescribed policies and procedures, and whether the allocation of user rights follows the "least privilege" principle.

(2) Log check of the application system. Includes database logs, system access logs, system processing logs, error logs, and exception logs.

(3) Application system usability check. This includes system outage time, system uptime, and system recovery time.

(4) Application system capability check. Includes system resource consumption, system transaction speed and system throughput.

(5) Security operation check of the application system. Whether users access and use the application system according to the relevant policies and procedures of information security.

(6) Application system maintenance check. Whether the maintenance problem is resolved within the stipulated time, whether the problem is solved correctly, whether the process of solving the problem is effective, etc.

(7) Configuration check of the application system. Check that the configuration of the application system is reasonable and appropriate, and that each configuration component is functioning as it should.

(8) Malicious code check. Whether there is malicious code, such as viruses, Trojan horses or covert channels, resulting in application system data loss, corruption, illegal modification, information disclosure and so on.


26. According to the relevant provisions, the classification levels are: top secret, confidential and?

Answer: Secret.


27. Into which three levels is the reliability level divided?

A: From high to low: levels A, B and C.


This article is from the "11233637" blog; reprinting is declined.
