What are the 3 risk management control types?

Management, Operational, Technical

2 ways to do risk analysis



What risk analysis method includes intangible factors?



Annual Loss Expectancy


Annual Rate of Occurrence


Single Loss Expectancy

How is ALE calculated?


What are the common access control policies that can prevent fraud and corruption?

Least privilege

Separation of duties

Job rotation

Mandatory vacations

What is the act of taking the necessary steps to protect the company and employees?

Due care

What is the act of ensuring that security policies are properly implemented?

Due diligence

What ensures a fair and impartial inquiry into violations of company policy?

Due process

What is the security concept concerning protecting data and its confidentiality both in storage and in transit?

DLP (Data Loss Prevention)


Health Insurance Portability and Accountability Act. Medical industry standard for protection of patient data


Sarbanes-Oxley

Standards for financial firms for storage, access, communications & auditing of data


Payment Card Industry

Standards defined for credit card companies.


European Data Protection Initiative

A European Union standard for privacy protection of user data


Mean Time Between Failures


Service Level Agreement

An understanding between a supplier of services and the user regarding availability. This details the policies and procedures to preserve uptime as well as contingency plans.


Interconnection Security Agreement

Describes technical details by which two interconnected systems will securely share information.

What is SPIM?

Instant message spam

What is Vishing ?

VoIP phishing, which can spoof origins and make a bogus call hard to detect

What ensures that evidence has been handled with care and lists the persons who have had access to it?

A Chain of Custody

What is a detailed document that provides an analysis of risks, a recovery plan and a continuity of operations plan?

A BCP (Business Continuity Plan)

What are the steps in creating a BCP?

Create a disaster recovery team, Perform a risk analysis, Perform a business impact analysis, Create a disaster recovery plan, Prepare documentation, Test the plan

Who should be included on the disaster recovery team?

Members from all departments, including management.

What outlines critical business functions and how they will be affected in a disaster?

The Business Impact Analysis.

What should be included in a disaster recovery plan?

Notification lists, Contact information, Network and facilities diagrams, System configurations, Backup restoration procedures, Backup and licensing media.

How should a disaster recovery plan be stored?

In both hardcopy and software form, as well as both onsite and in an offsite facility.


Mean Time To Restore


Mean Time To Failure

Assumes a device will NOT be repaired


Recovery Time Objective


Mean Time Between Failures

Assumes a device will be repaired.


Recovery Point Objective

The maximum acceptable loss for an outage, defined in terms of time.

Difference between High availability vs redundancy?

High availability means a service is always available; redundancy of equipment is one means of delivering on this.

What are the two types of clustering for servers?

Active/Active (both are responding)

Active/Passive (one is responding and the second takes over when the first fails)

What are the types of alternate sites?


RAID 0

Striping, no fault tolerance, 2 drives minimum

RAID 1

Disk mirroring, 2 drives minimum

RAID 5

Striping with distributed parity, 3 drives minimum

RAID 6

Striping with double distributed parity, 4 drives minimum

When planning a backup strategy, what points should be included?

Type of data to be backed up

Frequency of backups

The amount of data to backup

Retention period of those backups

What is recommended humidity for computer equipment?


What is the difference between a voltage spike and a surge?

A spike is momentary, while a surge is a prolonged period of high voltage.

What is the difference between a voltage sag and a brownout?

A sag is momentary, and a brownout is a prolonged period of low voltage.

What are 3 common types of problems that affect network signals?

EMI (Electromagnetic Interference)