Domain 1

Question 1

Any potential danger to an organization

Answer 1

threat

Question 2

What is STRIDE

Answer 2

Identifies threats based off of major categories:

Spoofing
Tampering
Repudiation
Information disclosure
Denial of service
Elevation of privileges

Question 3

A 7 step risk centric methodology that starts by identifying business objectives and technical requirements and takes into account compliance issues and business specific

Answer 3

PASTA

Question 4

Total cost an organization can expect to occur from a given risk in a year

Answer 4

ALE (annual loss expectancy)

Question 5

AV x EF = ?

Answer 5

SLE (single loss expectancy)

Question 6

Controls that are proactive or preventative

Answer 6

safeguard

Question 7

Reactive controls put in place when risks have occurred

Answer 7

countermeasure

Question 8

Protects important business information. They do not need to be disclosed and are infinite

Answer 8

Trade Secrets

Question 9

meant to protect some innovative or novel idea they do need to be disclosed and they only provide protection for a set period

Answer 9

Patent

Question 10

protects the expression of an idea in some sort of fixed medium like books movies or songs disclosure is required and the protection is again only for a set period of time

Answer 10

copyright

Question 11

protect some sort of unique color, sound, symbol used to distinguish one product or company

Answer 11

trademarks

Question 12

the maximum tolerable data loss that an
organization can accept

Answer 12

RPO

Question 13

the time from when the incident occurs to the point at which the business is back

Answer 13

RTO

Question 14

the maximum time required to verify the integrity of a systems and data as they return the normal operation

Answer 14

work recovery time (WRT)

Question 15

maximum amount of time in total that a process can be disrupted before the
business is no longer in business

Answer 15

MTD