Chapter 1

Question 1

What an example of a privacy law in Europe that dictates how data belonging to European citizens is handled?

Answer 1

GPDR -General Data Protection Regulation

Question 2

Define Privacy

Answer 2

the right of an individual to control the distribution of information about themselves

Question 3

How do you protect data that is entrusted to you as a Cyber Security Analyst

Answer 3

By using the CIA Triad

Question 4

What is a vulnerability

Answer 4

an inherent weakness or flaw in a system or component which, if triggered or acted upon could cause a risk event to occur.

Question 5

What is a threat

Answer 5

Something or someone that aims to exploit a vulnerability in order to gain unauthrorized access.

Question 6

Define Authentication

Answer 6

Access control process that compares one or more factors of identification to validate the identity of someone trying to authenticate

Question 7

Define authorization

Answer 7

The right or a permission that is granted to a system entity to access a system or resource

Question 8

Define Confidentiality

Answer 8

Characteristic of data or info when it is not made available or disclosed to unauthorized people.

Question 9

Define Privacy

Answer 9

The right of an individual to control the distribution of information about themselves.

Question 10

Define an asset

Answer 10

something in need of protection

Question 11

What is risk

Answer 11

The intersection of threats, vulnerabiliites and assets.

Question 12

define a threat vector

Answer 12

Approach and technique used by a threat actor

Question 13

Define the likelihood of occurrence

Answer 13

is a weighted factor based on a subjective analysis of the probability that a given threat or set of threats is capable of exploiting a given vulnerability or set of vulnerabilities.

Question 14

Define impact as it relates to risk management

Answer 14

the magnitude of harm that can be expected to result from the consequences of a comprised CIA.

Question 15

What are three strategies for identifying risk.

Answer 15

Identify risk to communicate it clearly.

Employees at all levels of the organization are responsible for identifying risk.

Identify risk to protect against it.

Question 16

Define Risk assessment

Answer 16

the process of identifying, estimating and prioritizing risks to an organization’s operations assets, individuals, other organizations and even the nation.

Question 17

Wha vtis one outcome of a of a risk assessment be

Answer 17

The aligning of each identified risk with the goals, assets, or processes the organization uses

Question 18

What are the primary goals of a risk assessment

Answer 18

Estimate and prioritize risks

Question 19

What is risk treatment

Answer 19

making decisions about the best actions to take regarding the identified and prioritized risk.

Question 20

What are the four types of risk treatment

Answer 20

Avoidance
Acceptance
Mitigation
Transfer

Question 21

Define Risk avoidance

Answer 21

Decision to attempt to eliminate the risk entirely.

Question 22

Define Risk Acceptance

Answer 22

When the organization accepts the risk and makes no effort to mitigate, avoid, or transfer

Question 23

Define risk mitigation

Answer 23

taking actions to prevent or reduce the possibility of a risk event or its impact.

Mitigations include remiadation measures, security controls, creating and enforicing policies and procedures.

Question 24

How can Qualitative risk analysis be identified

Answer 24

Method for risk analysis that is based on the assignment of a descriptor such as low, med, high

Think of the quality of experience driving the quality of assignement

Question 25

How can Quntatative risk be identified

Answer 25

Method for risk analysis where numerical values are assinged to both impact and liklihood based on statistical probabilities, and monetized loss or gain

Question 26

Define Risk Tolerance

Answer 26

The level of risk an entity will assume in order to achieve a desired result

Question 27

Define physical controls

Answer 27

They typically provide ways of controlling, directing or preventing the movement of people and equipment throughout a specific physical location