CySA+ Study Notes 10 Flashcards

1
Q

Threat Vectors are the specific methods that threats use to exploit a vulnerability.

Impact : amount of expected damage.

A

info …

2
Q

AV : dollar value of an asset.

EF : expected % of damage to an asset.

SLE : expected dollar loss if a risk occurs one time; SLE = AV x EF.

ARO : number of times each year that we expect a risk to occur.

ALE : amount of money we expect to lose each year from a risk; ALE = SLE x ARO.

A

info

3
Q

Prescriptive Framework : describes mandatory security requirements that must be implemented in all circumstances.

Risk-Based Framework : allows org.’s to adjust the level of control based on the likelihood and impact of each risk; ex : NIST SP 800-37.

A

info …

4
Q

MTTF : avg time a nonrepairable component will last.

MTBF : avg time gap between failures of a repairable component.

MTTR : avg time required to return a repairable component to service.

Risk Register : tracks risk information.

A

info …

5
Q

Assessments are usually requested internally, while audits are often imposed by external requirements.

User Access Reviews : validate user rights and permissions.

System Assessment : validate security controls.

Certification : determines that a system meets security criteria.

Accreditation : approves use of a system in a specific environment.

A

info …

6
Q

(1) initiating, (2) diagnosing, (3) establishing, (4) action, (5) learning.

A

IDEAL Model

7
Q

Commonly used when a legal dispute is unlikely but customer and vendor still wish to document their relationship to avoid future misunderstandings.

A

MOU

8
Q

SLR : documents specific requirements that a customer has about any aspect of a vendor’s service performance; ex.’s : system response time, service availability, data preservation.

SLA : written contract between vendor and customer describing the conditions of service and the penalties for failure to maintain the agreed-upon service level; SLRs are documented in an SLA.

A

info …

9
Q

BPA : 2 org.’s agree to do business with each other in a partnership.

ISA : includes details on the ways 2 org.’s will interconnect their networks, systems, and/or data.

MSA : includes all key terms that will govern the relationship.

SOW : written for each new project committed to, including the specific terms of that engagement.

A

info …

10
Q

Policies and standards are mandatory. Guidelines are optional. Procedures can go either way.

A

Security Policy Framework
