Soft examinations High Students: April 4, 2016 jobs

Source: Internet
Author: User
Tags benchmark least privilege



I. Change management
1. What does the principle of change management call for first?
The principle of change management is to first establish the project baseline, the change process and the Change Control Committee.

2. Which configuration tools are used more in China? (3)
Rational ClearCase, Visual SourceSafe and Concurrent Versions System.

3. Is CCB a decision-making body or an operating institution?
The CCB is a decision-making body.

4. What is the role of the project manager in a change?
The role of the project manager in a change is to respond to the requirements of the change author; assess the impact of the change on the project and the response plan; translate the requirements from technical requirements into resource requirements for the authorized person to decide on; and, according to the results of the review, adjust the project benchmark to ensure that project benchmarks reflect project implementation.

5. What is the working procedure for a change? (Remember)
Submit and accept the change request; preliminary examination of the change; the change plan; review by the Project Change Committee; issue the change pass and implement; monitor the change implementation; assess the change effect; and determine whether the project has been put on track after the change.

6. What is the purpose of the preliminary examination of a change? (Remember)
① Exert influence on the change, confirm the need for the change, and ensure that the change is valuable.
② Verify format and completeness, and ensure that the information required for evaluation is fully prepared.
③ Reach agreement among the stakeholders on the proposed change information for evaluation.
④ The usual way to carry out the preliminary examination is the approval flow of the change application document.

7. What aspects does the evaluation of the effect of a change cover?
① The first basis for assessment is the project of the registration.
② It is also necessary to consider the original intention of the change to see whether the purpose of the change has been achieved.
③ Evaluate the gap between the technical and economic argumentation in the change plan and the implementation process, and advance the solution.

8. For changes, when can batch processing and prioritization be used to improve efficiency?
When the project as a whole is under pressure, it is all the more important to emphasize that the proposing and processing of changes should be standardized; batch processing, prioritization and similar methods can be used to improve efficiency.

9. When the project is small and has little association with other projects, change handling should be simple and efficient. Which three points need attention?
(1) Exert influence on the factors that give rise to changes: prevent unnecessary changes, reduce unnecessary assessments, and improve the efficiency with which necessary changes are adopted.
(2) The confirmation of the change shall be formalized.
(3) The operation process of the change should be standardized.


10. What topics should be included in the control of schedule changes? (Remember)
(1) Determine the current status of the project progress.
(2) Exert influence on the factors causing the change of schedule.
(3) Ascertain whether the progress has been changed.
(4) Manage the actual changes as they occur.

11. What topics does the control of cost changes include?
(1) Influence the factors that cause cost benchmark changes.
(2) Ensure that the request for change is agreed.
(3) When changes occur, manage these actual changes.
(4) Ensure that the potential cost overruns do not exceed the authorized project stage funds and overall funds.
(5) Supervise the cost performance and find out the deviation from the cost benchmark.
(6) Accurately record all deviations from the cost benchmark.
(7) Prevent erroneous, inappropriate or unapproved changes from being included in the expense or resource usage report.
(8) Notify interested parties of validated changes.
(9) Take measures to control the anticipated cost overruns within an acceptable range.


12. Please describe the difference between change management and configuration management.
If the project as a whole is treated as a configuration item, configuration management can be considered a system for project integrity management, and change management can be considered part of the project baseline adjustment.
Change management and configuration management can also be viewed as two associated sets of mechanisms: change management is called by the configuration management system when a project delivery or a baseline configuration is adjusted, and change management should ultimately feed back the results of the project's adjustments to the configuration management system to ensure that project execution is consistent with the accounts of the project.

II. Security management
1. What is the information security triad?
Confidentiality, integrity, availability.

2. By what means is the confidentiality of data generally achieved?
Network security protocols, authentication services, cryptographic services.

3. What are the technologies that ensure data integrity?
Non-repudiation of message source, firewall system, communication security, intrusion detection system.

4. What are the technologies that ensure availability?
Disk and system fault tolerance and backup, acceptable login and process performance, and reliable functional security processes and mechanisms.

5. In ISO/IEC 27001, the content of information security management is summed up in which 11 aspects?
Information security policy and strategy, organization of information security, asset management, human resource security, physical and environmental security, communication and operational safety, access control, information system acquisition, development and maintenance; management, compliance.

6. What is business continuity management?
Disruption of business activities should be prevented, and critical business processes should be protected from significant information system failures or disasters and restored in a timely manner. The business continuity management process should be implemented to reduce the impact on the organization and, through prevention and recovery, bring the loss of information assets to an acceptable level. This process requires identification of the critical business information security management requirements for business continuity, together with requirements for continuity of operations, employee placement, materials, transportation and facilities. The consequences of disaster, security failure, service loss, and service availability should depend on the business impact analysis. Business continuity plans should be established and implemented to ensure the timely recovery of basic operations. Information security should be an integral part of the overall business continuity process and other management processes within the organization. In addition to the common risk evaluation process, business continuity management should include control measures to identify and mitigate risks, limit the impact of harmful events, and ensure that the information required by the business process is readily available.


7. What are the security technologies commonly used in the application system?
Minimum authorization principle; anti-exposure; information encryption; physical secrecy.

8. What are the main factors that affect information integrity?
The main factors that affect information integrity are device failure, errors (errors generated during transmission, processing and storage), errors resulting from timing stability and accuracy, errors caused by various sources of interference, human attacks, computer viruses and so on.

9. What are the main methods to ensure the integrity of the application system?
Protocol; Error correcting coding method; password checksum method; digital signature; notarization.

10. Which property is generally measured by the ratio of the system's normal usage time to the total working time?
Availability is generally measured by the ratio of the system's normal usage time to the total working time.

11. In the security management system, in which order should security management organizations at different security levels gradually build their own information security organization management system?
Security management personnel; establishment of security functions; establishment of security leadership groups; leading leaders; the department of information security and confidentiality management.

12. In the list of information system security management elements, which families does the "Risk management" category include? Which families does the "Business continuity management" category include?
The Risk management category includes the families: risk management requirements and strategies, risk analysis and assessment, risk control, risk-based decision-making, management of risk assessment.
The Business continuity management category includes the families: backup and recovery, security event handling.


13. How does GB/T 20271-2006 describe the information system security technology system? (first-level titles only)
Physical security, operational security, data security.

14. For power, what are emergency power supply, regulated power supply, power protection and uninterruptible power supply?
Emergency power supply: configure basic equipment with low voltage resistance, improved equipment or stronger equipment, such as a basic UPS, an improved UPS, a multi-level UPS and an emergency power supply (generator set).
Regulated power supply: use a line voltage regulator to prevent the impact of voltage fluctuations on the computer system.
Power protection: set up power protection devices such as metal oxide varistors, diodes, gas discharge tubes, filters, voltage regulator transformers and surge filters to prevent or reduce power failures.
Uninterruptible power supply: use an uninterruptible power supply to prevent the adverse effects of voltage fluctuations, electrical interference, power outages and the like on computer systems.

15. What does access control over personnel entering and leaving the computer room and over their scope of operation include?
The person responsible for computer room security management should be clearly identified, and designated personnel should be responsible for room access; unauthorized personnel are not allowed to enter the room. Visitors admitted to the computer room should have the scope of their activities limited and be accompanied by reception staff. Room keys are managed by designated persons; without approval, no one may copy the computer room key or the server boot key. Without management approval, no record medium, document material or protected product of any kind may be taken out of the room, and items unrelated to the work may not be brought into the computer room. Smoking and bringing fire or water into the room are strictly forbidden.
All visitors shall be required to be duly approved, and the records of registration shall be kept for future reference. It is generally forbidden to carry electronic devices such as personal computers into the computer room; visitors' range of activities and operating behavior should be limited, and computer room reception personnel should be responsible for and accompany them.

16. For electromagnetic compatibility, what is required of computer equipment to prevent leakage?
Computer equipment that needs to prevent electromagnetic leakage should be equipped with electromagnetic interference equipment, and the electromagnetic interference equipment must not be shut down while the protected computer equipment is working. If necessary, a shielded room can be used. The shielded room should be kept closed at all times. Do not drive nails or drill holes in the shielding wall; do not connect any cable between the inside and outside of the shielded room except through a waveguide or a filter; test the leakage of the shielded room often and carry out the necessary maintenance.

17. Personnel in key positions are managed in a unified way and one person may hold several posts, but can the business application operator role be held concurrently by other key position personnel?
Security administrators, system administrators, database administrators, network administrators, key business developers, system maintenance personnel, important business application operators and other staff in key information system positions are managed in a unified way. One person may hold several posts, but business application operators cannot concurrently be other key position personnel.

18. Which positions can business developers and system maintenance personnel not hold or hold concurrently?
Business developers and system maintainers cannot hold, or concurrently hold, the positions of security administrator, system administrator, database administrator, network administrator or key business application operator.

19. The operation of an application system involves four levels of security. Sorted by granularity from coarse to fine, what are they? (Remember)
Sorting by granularity from coarse to fine is: system level security, resource access security, functional security, data domain security.

20. What is system-level security?
Isolation of sensitive systems, restrictions on access IP address segments, restrictions on logon periods, session time limits, limits on the number of connections, limits on the number of logins in a specific time period, and remote access control. System-level security is the first protective gate of the application system.


22. What is resource access security?
Access to program resources is secured: on the client side, users are provided with user interfaces related to their permissions, showing only the menus and action buttons that match their permissions; on the server, access control is applied to calls to URL program resources and business service class methods.


23. What is functional security?
Functional security affects program processes, for example whether an audit is needed when a user operates on a business record, or that an uploaded attachment cannot exceed the specified size, and so on.

24. What is data domain security?
Data domain security includes two levels: one is row-level data domain security, that is, which business records users can access; the other is field-level data domain security, that is, which fields of business records users can access.

25. What is the scope of the system operation security check and record? (Describe the contents of each item.)
① Access control check of the application system. Including physical and logical access control, whether access rights are added, changed and cancelled in accordance with the prescribed policies and procedures, and whether the assignment of user rights follows the "least privilege" principle.
② Log check of the application system. Including database logs, system access logs, system processing logs, error logs and abnormal logs.
③ Availability check of the application system. Including system outage time, system uptime and system recovery time.
④ Capability check of the application system. Including system resource consumption, system transaction speed and system throughput.
⑤ Safe operation check of the application system. Whether users access and use the application system in accordance with information security related policies and procedures.
⑥ Maintenance check of the application system. Whether maintenance problems are resolved within the specified time, whether problems are resolved correctly, whether the process of resolving problems is effective, and so on.
⑦ Configuration check of the application system. Check that the configuration of the application system is reasonable and appropriate, and that each configuration component performs its proper function.
⑧ Malicious code check. Whether there is malicious code, such as viruses, trojans or covert channels, causing loss, damage, illegal modification or disclosure of application system data.


26. Under the relevant provisions, security classification is divided into: top secret, confidential and secret.

27. Into which three levels is the reliability level divided?
Class A has the highest reliability requirements, Class C is the minimum reliability required for system operation, and Class B is in the middle.

This article is from the "11353627" blog; please contact the author before reproducing it.
