Basic Risk Concepts

Question 1

What is the definition of a Threat?

Answer 1

is any circumstance or event that has the potential

to compromise confidentiality, integrity, or availability.

Question 2

Risk is the possibility or likelihood of…

Answer 2

threat exploiting a vulnerability

resulting in a loss

Question 3

What are the 3 types of controls that describe HOW the control is implemented?

Answer 3

Technical, Administrative and Physical

Question 4

organizational policies and guidelines are used to implement what kind of control?

Answer 4

administrative controls

Question 5

operational controls, which are a form of admin control, ensure the day-to-day operations of an organization comply with the org’s overall security plan - true or false?

Answer 5

True

Question 6

Account disablement, security guards and hardening are examples of what type of control?

Answer 6

Preventative

Question 7

backup and system recovery is a type of what control?

Answer 7

Corrective. Because it reverses the data loss

Question 8

what control is an alternative control used instead of a primary control?

Answer 8

compensating control

Question 9

What are the 4 control types that describe the GOAL of the control

Answer 9

Deterrent
Detective
Corrective
Preventative