Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
Risk assessment is a common first step in a risk management process. Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard). As a best practice, risk assessments should be based upon which of the following?
|
A quantitative measurement of risk, impact and asset value
|
|
|
A company’s new employees are asked to sign a document that describes the methods of and purposes for accessing the company’s IT systems. Which of the following BEST describes this document?
|
Acceptable Use Policy
|
|
|
A representative from the human resources department informs a security specialist that an employee has been terminated. Which of the following would be the BEST action to take?
|
Disable the employee’s user accounts and keep the data for a specified period of time.
|
|
|
According to the contractual obligation, corporation A has to provide a certain amount of system uptime to a client. This contract is an example of:
|
SLA
|
|
|
Documentation describing a group of expected minimum behaviors is known as:
|
A code of ethics
|
|
|
So as to facilitate communications in the office of a small call center business, an email system is going to be installed. As part of the upgrade, the vendor offered to supply anti-malware software of $5,000 per year. However, if it is not adequately protected, there was a 90% chance each year that workstations would be compromised. Under that circumstance, it will take 30 staff three hours to restore services and the staff members in the call center are paid $90 per hour. What is the Annual Loss Expectancy (an IT risk assessment methodology)?
|
$7290
|
|
|
Which description is correct about the form used while transferring evidence?
|
Chain of Custody
|
|
|
What should be established immediately upon evidence seizure?
|
chain of Custody
|
|
|
Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat. During a risk assessment of a computing system, what is the most important step to conduct?
|
The identification of missing patches
|
|
|
A programmer plans to change the server variable in the coding of an authentication function for a proprietary sales application. Which process should be followed before implementing the new routine on the production application server?
|
change management
|
|
|
Who is finally in charge of the amount of residual risk?
|
The senior management
|
|
|
The main objective of risk management in an organization is to reduce risk to a level:
|
the organization will accept
|
|
|
To preserve evidence for later use in court, which of the following needs to be documented?
|
chain of custody
|
|
|
Which description is correct about a tool used by organizations to verify whether or not a staff member has been involved in malicious activity?
|
Mandatory vacations
|
|
|
Human resource department personnel should be trained about security policy:
|
guidelines and enforcement
|
|
|
Sending a patch through a testing and approval process is an example of which option?
|
change management
|
|
|
Which of the following is not a step in the incident response process?
|
repudiation
|
|
|
An audit has just been performed on a company’s network. However, the IT departmental staff was not allowed to see the results. Which of the following is most probably the reason?
|
Seperations of duties
|
|
|
A technician is conducting a forensics analysis on a computer system. Which step should be taken FIRST?
|
Get a binary copy of the system
|
|
|
Which of the following is not an example of organizational policy that reduces the impact of fraud?
|
password complexity rules
|
