24 Cards in this Set

  • Front
  • Back

Which of the following terms is used to describe the loss of value to an asset based on a single security incident?

SLE

An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as:

ARO (Annualized Rate of Occurrence)

What is the correct formula for calculating probable financial loss due to a risk over a one-year period?

ALE = ARO x SLE

Annualized Loss Expectancy = Annualized Rate of Occurrence x Single Loss Expectancy

Which of the following terms is used to describe the average time required to repair a failed component or device?

MTTR (Mean Time To Recovery)

A high MTBF value indicates that a component or system provides low reliability and is more likely to fail. (True / False)

False

A calculation of the Single Loss Expectancy (SLE) is an example of:

Quantitative risk assessment

Assessment of risk probability and its impact based on subjective judgment falls into the category of:

Qualitative risk assessment

A path or tool allowing an attacker to gain unauthorized access to a system or network is known as:

Threat vector

In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.

ARO (Annualized Rate of Occurrence)

Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of:

Risk transference

Disabling certain system functions or shutting down the system when risks are identified is an example of:

Risk avoidance

Which of the following answers exemplifies implementation of the risk transference methodology?

Insurance policy

Which of the following terms relates closely to the concept of residual risk?

Risk acceptance

What type of risk management strategy is in place when accessing the network involves a login banner warning designed to inform a potential attacker of the likelihood of getting caught?

Risk deterrence

Which of the following security control types can be used in implementing a risk mitigation strategy? (Select three answers)

Technical, Management, Operational

Which of the following terms refers to one of the hardware-related disadvantages of the virtualization technology?

Single point of failure

Which of the following acronyms refers to a maximum tolerable period of time required for restoring business functions after a failure or disaster?

RTO (Recovery time objective)

Recovery time objective (RTO) specifies a point in time to which systems and data must be recovered after a disaster has occurred. (True / False)

False

Which of the following answers refers to a key document governing the relationship between two business organisations?

BPA

A document established between two or more parties to define their respective responsibilities in accomplishing a particular goal or mission is known as:

MOU (Memorandum of Understanding)

Which of the following answers refers to an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection?

ISA (Interconnection Security Agreement)

Which of the following functionalities allows a DLP system to fulfil its role?

Content inspection

In forensic procedures, a sequence of steps in which different types of evidence should be collected is known as:

Order of volatility

In forensic procedures, a chronological record outlining persons in possession of evidence is referred to as:

Chain of custody