CompTIA Security+ Certification Exam SY0-701 Practice Test 23 Flashcards

1
Q

An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as:

A) ALE
B) SLA
C) ARO
D) SLE

A

C) ARO

2
Q

In the context of risk assessment, the Exposure Factor (EF) is defined as the percentage of loss that a realized threat would have on an asset. If an organization has an asset valued at $10,000 and the EF is determined to be 20%, what would be the SLE?

A) $500
B) $2,000
C) $5,000
D) $10,000

A

B) $2,000
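The arithmetic behind questions 1 and 2, carried one step further into ALE (SLE x ARO) and the cost-benefit test a risk register entry should record. This is an added worked example, not part of the original flashcards: the $10,000 asset value and 20% exposure factor come from question 2, while the ARO of 0.5, the residual EF of 5% after a control and the control's $500 annual cost are constructed assumptions.

```python
"""Quantitative risk: SLE = AV * EF, ALE = SLE * ARO, and control cost-benefit.

Added illustration, not part of the flashcards. Asset value and EF are the
question 2 figures; ARO, residual EF and control cost are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    name: str
    asset_value: float       # AV: value of the asset in dollars
    exposure_factor: float   # EF: fraction of AV lost when the threat is realized (0..1)
    aro: float               # ARO: expected occurrences per year, from historical data

    def sle(self) -> float:
        """Single Loss Expectancy = AV * EF, rounded to cents."""
        # Guard against the common slip of passing 20 (percent) instead of 0.20.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1, not a percentage")
        return round(self.asset_value * self.exposure_factor, 2)

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE * ARO, rounded to cents."""
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")
        return round(self.sle() * self.aro, 2)


def control_value(before: RiskScenario, after: RiskScenario,
                  annual_control_cost: float) -> float:
    """Net annual value of a control: ALE reduction minus the control's annual cost.

    A positive result means the control pays for itself; a negative one means
    accepting or transferring the risk may be the cheaper option.
    """
    return round(before.ale() - after.ale() - annual_control_cost, 2)


# Question 2 figures plus a constructed ARO of 0.5 (one incident every two years).
RANSOMWARE_BEFORE = RiskScenario("ransomware on file server",
                                 asset_value=10_000.0, exposure_factor=0.20, aro=0.5)
# Constructed: with tested offline backups, assume only the work since the last
# backup is lost (EF 5%); the ARO is unchanged because backups do not stop the attack.
RANSOMWARE_AFTER = RiskScenario("ransomware on file server, with offline backups",
                                asset_value=10_000.0, exposure_factor=0.05, aro=0.5)

if __name__ == "__main__":
    print(f"SLE before control: ${RANSOMWARE_BEFORE.sle():,.2f}")   # $2,000.00
    print(f"ALE before control: ${RANSOMWARE_BEFORE.ale():,.2f}")   # $1,000.00
    print(f"ALE after control:  ${RANSOMWARE_AFTER.ale():,.2f}")    # $250.00
    net = control_value(RANSOMWARE_BEFORE, RANSOMWARE_AFTER, annual_control_cost=500.0)
    print(f"Net value of a $500/yr backup control: ${net:,.2f}")     # $250.00
```

The EF guard is the practitioner caveat worth keeping: the flashcard states EF as a percentage, and entering 20 instead of 0.20 would silently inflate the SLE twentyfold and every ALE and cost-benefit figure derived from it.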

3
Q

Which of the answers listed below refers to a comprehensive document used in risk management and project management to identify, assess, and track risks?

A) Risk register
B) Risk heat map
C) Risk matrix
D) Risk repository

A

A) Risk register

4
Q

Which of the following terms is used to describe the specific level of risk an organization is prepared to accept in pursuit of its objectives?

A) Risk appetite
B) Risk tolerance
C) Risk acceptance
D) Risk capacity

A

B) Risk tolerance

5
Q

Which of the terms listed below refers to a general term that describes an organization’s overall attitude towards risk-taking?

A) Risk strategy
B) Risk control
C) Risk appetite
D) Risk tolerance

A

C) Risk appetite

6
Q

Contracting out a specialized technical component when the company’s employees lack the necessary skills is an example of:

A) Risk deterrence
B) Risk avoidance
C) Risk acceptance
D) Risk transference

A

D) Risk transference

7
Q

Cybersecurity insurance is an example of which risk management strategy?

A) Risk avoidance
B) Risk deterrence
C) Risk transference
D) Risk acceptance

A

C) Risk transference

8
Q

In the context of risk acceptance, choosing not to apply certain controls or safeguards for a specific risk is called:

A) Exception
B) Evasion
C) Exemption
D) Exclusion

A

C) Exemption

9
Q

In the risk acceptance strategy, the practice of temporarily not complying with a standard or policy due to a specific risk scenario is referred to as:

A) Exclusion
B) Exception
C) Evasion
D) Exemption

A

B) Exception

10
Q

Disabling certain system functions or shutting down the system when risks are identified is an example of:

A) Risk acceptance
B) Risk avoidance
C) Risk transference
D) Risk deterrence

A

B) Risk avoidance

11
Q

Which of the following terms describes the process of taking proactive measures to reduce the impact of identified risks?

A) Risk acceptance
B) Risk avoidance
C) Risk transference
D) Risk mitigation

A

D) Risk mitigation

12
Q

Which of the acronyms listed below refers to a maximum allowable time to restore critical business functions after a disruption?

A) SLA
B) RTO
C) MTTF
D) RPO

A

B) RTO

13
Q

Which of the following defines the maximum acceptable amount of data loss measured by a specific point in time before a disaster or outage?

A) RPO
B) MTBF
C) RTO
D) MTTR

A

A) RPO

14
Q

Which of the terms listed below is used to describe the average time required to repair a failed component or device?

A) MTBF
B) RPO
C) MTTR
D) SLA

A

C) MTTR

15
Q

A high MTBF value indicates that a component or system provides low reliability and is more likely to fail.

A) True
B) False

A

B) False

16
Q

A metric that represents the average amount of time a device or system is expected to operate before experiencing its first failure is known as:

A) MTTR
B) SLA
C) MTBR
D) MTTF

A

D) MTTF
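Questions 12 through 16 define RTO, RPO, MTTR, MTBF and MTTF as isolated terms; the example below shows how they are actually derived from an outage log and how each outage is checked against an RTO and an RPO. This is an added worked example, not part of the original flashcards. The outage timestamps, the go-live date, the nightly backup schedule and the 4-hour RTO/RPO targets are all constructed values.

```python
"""MTTF, MTTR, MTBF and availability from an outage log, plus RTO/RPO checks.

Added illustration, not part of the flashcards. Outage log, go-live date,
backup schedule and RTO/RPO targets are constructed values.
"""
from datetime import datetime, timedelta

# Constructed outage log: (service went down, service restored).
OUTAGES = [
    (datetime(2024, 1, 11, 0, 0), datetime(2024, 1, 11, 2, 0)),
    (datetime(2024, 1, 21, 2, 0), datetime(2024, 1, 21, 6, 0)),
    (datetime(2024, 2, 10, 6, 0), datetime(2024, 2, 10, 12, 0)),
]
IN_SERVICE_SINCE = datetime(2024, 1, 1, 0, 0)   # constructed go-live date
# Constructed backup schedule: one snapshot every night at 00:00 for 60 days.
BACKUPS = [IN_SERVICE_SINCE + timedelta(days=d) for d in range(60)]
RTO = timedelta(hours=4)   # constructed target: restore within 4 hours
RPO = timedelta(hours=4)   # constructed target: lose at most 4 hours of data


def hours(td: timedelta) -> float:
    return td.total_seconds() / 3600.0


def uptime_intervals(outages, in_service_since):
    """Operating periods from go-live / each repair until the next failure."""
    last_up = in_service_since
    intervals = []
    for down, up in outages:
        intervals.append(down - last_up)
        last_up = up
    return intervals


def downtime_intervals(outages):
    """Time from each failure until the service was restored."""
    return [up - down for down, up in outages]


def mean_hours(intervals):
    return hours(sum(intervals, timedelta())) / len(intervals)


def mttf_hours(outages=OUTAGES, since=IN_SERVICE_SINCE) -> float:
    """Mean Time To Failure: average operating time before a failure occurs."""
    return mean_hours(uptime_intervals(outages, since))


def mttr_hours(outages=OUTAGES) -> float:
    """Mean Time To Repair: average time from failure to restoration."""
    return mean_hours(downtime_intervals(outages))


def mtbf_hours(outages=OUTAGES, since=IN_SERVICE_SINCE) -> float:
    """Mean Time Between Failures for a repairable system: MTTF + MTTR.
    Higher is better, which is why the question 15 statement is false."""
    return mttf_hours(outages, since) + mttr_hours(outages)


def availability(outages=OUTAGES, since=IN_SERVICE_SINCE) -> float:
    """Fraction of elapsed time the service was up: uptime / (uptime + downtime)."""
    up = hours(sum(uptime_intervals(outages, since), timedelta()))
    down = hours(sum(downtime_intervals(outages), timedelta()))
    return up / (up + down)


def last_backup_before(when, backups=BACKUPS):
    """Most recent backup taken at or before the failure; defines the RPO exposure."""
    candidates = [b for b in backups if b <= when]
    if not candidates:
        raise ValueError("no backup exists before the failure")
    return max(candidates)


def check_outage(down, up, rto=RTO, rpo=RPO, backups=BACKUPS):
    """Compare one outage against the RTO (restore time) and RPO (data-loss window)."""
    restore_time = up - down
    data_loss = down - last_backup_before(down, backups)
    return {
        "restore_hours": hours(restore_time),
        "rto_met": restore_time <= rto,
        "data_loss_hours": hours(data_loss),
        "rpo_met": data_loss <= rpo,
    }


def breaches(outages=OUTAGES, rto=RTO, rpo=RPO, backups=BACKUPS):
    """Indices of outages that missed the RTO or the RPO."""
    return [i for i, (down, up) in enumerate(outages)
            if not all(check_outage(down, up, rto, rpo, backups)[k]
                       for k in ("rto_met", "rpo_met"))]


if __name__ == "__main__":
    print(f"MTTF {mttf_hours():.1f} h, MTTR {mttr_hours():.1f} h, "
          f"MTBF {mtbf_hours():.1f} h, availability {availability():.4%}")
    for i, (down, up) in enumerate(OUTAGES):
        print(i, check_outage(down, up))
    print("outages breaching RTO or RPO:", breaches())
```

Two points the flashcard definitions leave implicit: the RPO check depends on when the last good backup was taken, not on how long the outage lasted, so an outage can meet the RTO and still breach the RPO; and MTBF is only meaningful for a repairable system, where it equals MTTF plus MTTR.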

17
Q

Which of the following answers refers to a contractual provision that grants one party the right to inspect the other party’s operations, facilities, processes, and records?

A) Right-to-audit clause
B) Oversight clause
C) Compliance verification clause
D) Transparency clause

A

A) Right-to-audit clause

18
Q

In the context of third-party risk assessment and management, which process involves conducting thorough investigations to verify the credentials, reliability, and integrity of potential vendors?

A) Reference check
B) Compliance review
C) Due diligence
D) Vendor appraisal

A

C) Due diligence

19
Q

Which of the terms listed below refers to a situation where a party’s impartiality could be questioned due to potential personal or financial gains?

A) Dual relationship
B) Undue influence
C) Conflict of interest
D) Self-dealing

A

C) Conflict of interest

20
Q

An agreement between a service provider and users defining the nature, availability, quality, and scope of the service to be provided is called:

A) SOW
B) MSA
C) SLA
D) MOU

A

C) SLA

21
Q

Which of the following terms refers to an agreement that specifies performance requirements for a vendor?

A) MSA
B) SLA
C) MOU
D) SOW

A

B) SLA

22
Q

Which of the acronyms listed below refers to a formal and often legally binding document that outlines specific responsibilities, roles, and terms agreed upon by two or more parties?

A) SOW
B) MOA
C) MSA
D) MOU

A

B) MOA

23
Q

A type of nonbinding agreement outlining mutual goals and the general framework for cooperation between two or more parties is referred to as:

A) MOA
B) SOW
C) MOU
D) MSA

A

C) MOU

24
Q

A type of legally binding contract that establishes the foundational terms and conditions governing future agreements between two parties is known as:

A) MOU
B) SLA
C) MSA
D) SOW

A

C) MSA

25
Q

Which of the following acronyms refers to a document that authorizes, initiates, and tracks the progress and completion of a particular job or task?

A) SOW
B) WO
C) SLA
D) MSA

A

B) WO