ch 11 1

Question 1

RISK ASSESSMENT ORDER

Answer 1

Identify the organization’s assets.
Step 2. Identify vulnerabilities.
Step 3. Identify threats and threat likelihood.
Step 4. Identify potential monetary impact.

Question 2

Qualitative

Answer 2

is an assessment that assigns numeric values to the
probability of a risk and the impact it can have on the system or network. Unlike

EX 0TO 100

Question 3

Quantitative risk assessment measures risk by using exact monetary values.

Answer 3

SLE × ARO = ALE

Question 4

Management controls:

Answer 4

how the security
of your data and systems is managed
focus on decisions and the management of risk.
EXECUTIVES SET THEM

Question 5

Operational controls:

Answer 5

increase individual and group system security. They include user
awareness and training disaster recovery plans, incident
handling

Question 6

TECHNICAL CONTROLS

Answer 6

logical controls executed by the computer
system. EX authentication, access control, auditing,
and cryptography.

Question 7

Vulnerability management STEPS

Answer 7

Define the desired state of security. Create baselines.

Prioritize vulnerabilities. Mitigate vulnerabilities. Monitor the environment—

Question 8

vulnerability scanning may be passive

or active, whereas penetration testing will be active

Answer 8

vulnerability scanning will seek out all vulnerabilities

and weaknesses within an organization

Question 9

TYPES SCANS

Answer 9

vulnerability scan with Nessus

port scanner is Nmap.

Question 10

Banner grabbing

Answer 10

find out information about web servers,

Question 11

DICT ATTACK

Answer 11

Uses a prearranged list of likely words, trying each of

them one at a time. It can

Question 12

Cryptanalysis attack:

Answer 12

Uses a considerable set of precalculated encrypted passwords

located in a lookup table. These tables are known as rainbow tables ,