Ch 15 Key Terms

Question 1

permission to perform a cyber security test

penetration verification acceptance

vulnerability testing authorization

variance

vulnerability verification acceptance

Answer 1

vulnerability testing authorization

Question 2

calculates the avg amount of time until a component fails

mean time between failures (MTBF)

mean time to failure (MTTF)

Failure in time (FIT)

mean time to recovery (MTTR)

Answer 2

mean time between failures (MTBF)

Question 3

prevents the threat from coming in contact with a vulnerability

deterrent control

preventive control

executive control

administrative controls

Answer 3

preventive control

Question 4

average amount of time it will take a device to recover

mean time to failure (MTTF)

Failure in time (FIT)

mean time to recovery (MTTR)

mean time between failures (MTBF)

Answer 4

mean time to recovery (MTTR)

Question 5

sustained and continual surveillance

secure configuration guides

configuration validation

scalability

continuous monitoring

Answer 5

continuous monitoring

Question 6

intended to mitigate the damage caused by the incident

detective control

preventive control

corrective control

compensating control

Answer 6

corrective control

Question 7

propose change of IT systems; approved by the ______

change management chairperson

computer change management

change management board

change management team

Answer 7

change management team

Question 8

policy that defines the actions users may perform

executive policy

social media network

role-based awareness training

acceptable use policy

Answer 8

acceptable use policy

Question 9

using technology to automate IT processes

artificial intelligence

automated course of action

automation

IT automation

Answer 9

automation

Question 10

states how a company plans to protect its IT assets

social media network

role-based awareness training

executive policy

security policy

Answer 10

security policy

Question 11

of human origin, such as the vandalism of a wireless antenna

physical threat

natural threat

manmade threat

risk assessment

Answer 11

manmade threat

Question 12

compiled historical data; determine the likelihood of a risk

ARI

ARO

SLE

ALE

Answer 12

ARO

Question 13

security controls carried out or managed by devices

corrective control

technical controls

compensating control

preventive control

Answer 13

technical controls

Question 14

intended to minimize security risks of data transmitted across the network

Blanket Purchase Agreement (BPA)

Memorandum of Understanding (MOU)

Interconnection Security Agreement (ISA)

Systems Security Agreement (SSA)

Answer 14

Interconnection Security Agreement (ISA)

Question 15

a network that moves a product from the supplier to customer

assessment

supply chain assessment

retail assessment

supply chain

Answer 15

supply chain

Question 16

permission to perform a cyber security test

penetration testing authorization

vulnerability verification acceptance

variance

penetration verification acceptance

Answer 16

penetration testing authorization

Question 17

ensure unwanted data is not carried forward; temporary

presistence tools

non-persistence tools

persistence

live boot media

Answer 17

non-persistence tools

Question 18

a subject’s access level over an object

least privilege

object ramification

least privilege management

privilege

Answer 18

privilege

Question 19

help IT security personnel configure hardware devices and software

security guides

configuration validation

secure configuration guides

scalability

Answer 19

secure configuration guides

Question 20

the processes for ensuring that policies are carried out

security control

administrative controls

physical control

executive control

Answer 20

administrative controls

Question 21

wrap up meeting between a management representative and a person leaving

out-bound interview

in-bound interview

Non-Disclosure Agreement (NDA)

exit interview

Answer 21

exit interview

Question 22

an educated guess based on observation

qualitative calculation

qualitative risk calculation

quantitative risk

quantitative risk calculation

Answer 22

qualitative risk calculation

Question 23

outlines acceptable employee use of social media to be enforced

tweeter media network

social media network

social media policy

group-based affiliation

Answer 23

social media policy

Question 24

process of authenticating information given to a potential employer

in-bound interview

security background check

background check

welcome interview

Answer 24

background check

Question 25

a continued or prolonged state

presistence tools

live boot media

non-persistence tools

persistence

Answer 25

persistence

Question 26

SLE x ARO

SLE

ARO

ARI

ALE

Answer 26

ALE

Question 27

demonstrates a convergence of will between parties

Blanket Purchase Agreement (BPA)

Memorandum of Inderstanding (MOI)

Interconnection Security Agreement (ISA)

Republican Democratic Agreement (RDA)

Memorandum of Understanding (MOU)

Answer 27

Memorandum of Understanding (MOU)

Question 28

a prearranged purchase between government and a business

Blanket Purchase Agreement (BPA)

Blanket Purse Agreement (BPA)

Interconnection Security Agreement (ISA)

Memorandum of Understanding (MOU)

Answer 28

Blanket Purchase Agreement (BPA)

Question 29

can report the number of expected failures of operations for a device

mean time to recovery (MTTR)

Failure in time (FIT)

mean time between failures (MTBF)

mean time to failure (MTTF)

Answer 29

Failure in time (FIT)

Question 30

a control that provides an alternative to normal controls

preventive control

compensating control

detective control

security control

Answer 30

compensating control

Question 31

formal process; examining the seriousness of potential threat

environmental threat

formal assessment

threat assessment

risk assessment

Answer 31

threat assessment

Question 32

the expected monetary loss every time a risk occurs

ARI

ARO

SLE

ALE

Answer 32

SLE

Question 33

from the outside (like the action of a hacktivist)

natural assessment

natural threat

external threat

internal threat

Answer 33

external threat