CH 11 Vulnerability and Risk Assessment

Question 1

Risk organization

Answer 1

Transfer the risk to another organization or third party.
■ Avoid the risk.
■ Reduce the risk.
■ Accept some or all of the consequences of a risk.

Question 2

Qualitative

Answer 2

Assigns numeric values
1–100.
ex

Question 3

Quantitative

Answer 3

Measures risk by using exact monetary
values. It

ex SLE × ARO = ALE

Question 4

MTBF) .

Answer 4

average number of failures per million

hours of operation for a product in question.

Question 5

MTTF)

Answer 5

which is a basic measure of reliability for devices that cannot be
repaired

Question 6

MTTR

Answer 6

time 2 repair problem

Question 7

Management controls:

Answer 7

Managers set procedures, policies, legal and regulatory and SDLC

Question 8

operation controls

Answer 8

executed by people

ppl training

Question 9

Tech contols

Answer 9

logical controls executed by the computer
system. Technical controls include authentication, access control, auditing,
and cryptography
Uses Raid 5

Question 10

security controls:

Answer 10

Prevent detective corrective

Question 11

Prevent

Answer 11

NIPSs to prevent malicious activity, and

RAID 1 to prevent loss of data.

Question 12

detct catch action

Answer 12

CCTV/video surveillance, alarms, NIDSs, and auditing.

Question 13

Corrective

Answer 13

limit the

extent of damage an

Question 14

password-cracking methods.

Answer 14

Dictionary attack brute force

Question 15

Dictionary

Answer 15

prearranged list of likely words,

ex anbcdd

Question 16

brute force

Answer 16

every possible password instance

Question 17

Cryptanalysis attack

Answer 17

Uses a considerable set of precalculated encrypted passwords
located in a lookup table. These tables are known as rainbow tables ,
and the type of password attack is also known as precomputation, where all
words in the dictionary (or a specific set of possible passwords) are hashed and
stored.