Domain 1 - Security and Risk Management

Question 1

The Following are elements of what Threat Assessment model?

Spoofing, Tampering, Repudiation, Information disclosure (privacy breach or data leak), Denial of service, and Elevation of privilege.

Answer 1

STRIDE

Question 2

Which commercial business/private sector data classification is used to control information about individuals within an organization?

Answer 2

PRIVATE

Question 3

Data classifications are used to focus security controls over what three areas?

Answer 3

Storage

Processing

Transfer

Question 4

When seeking to hire new employees, what is the first step?

Answer 4

Create a job description

Question 5

________ includes analyzing an environment for risks, evaluating each threat event as to its likelihood of occurring and the cost of the damage it would cause, assessing the cost of various countermeasures for each risk, and creating a cost/benefit report for safeguards to present to upper management

Answer 5

Risk Analysis

Question 6

______ are accidental or intentional exploitations of vulnerabilities

Answer 6

Threat Events

Question 7

A ______ is the absence or weakness of a safeguard or countermeasure.

Answer 7

Vulnerability

Question 8

All of the following are valid definitions of what?

A. An assessment of probability, possibility, or chance

B. Risk = threat * vulnerability

C. Every instance of exposure

Answer 8

RISK

Question 9

True / False

The annual costs of safeguards should not exceed the expected annual cost of asset loss.

Answer 9

TRUE

Question 10

How is single loss expectancy (SLE) calculated?

Answer 10

SLE = Asset value ($) * exposure factor

Question 11

How is the value of a safeguard to a company calculated?

Answer 11

ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguard [(ALE1 – ALE2) – ACS]

Question 12

What is the first step that individuals responsible for the development of a business continuity plan should perform?

Answer 12

Business organization analysis

Question 13

Once the BCP team is selected, what should be the first item placed on the team’s agenda?

Answer 13

Business organization analysis

Question 14

What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended?

Answer 14

Systems used in interstate commerce

Question 15

Intellectual Property protection is achieved through what?

Answer 15

Copyright

Question 16

What framework allows U.S. companies to certify compliance with EU privacy laws?

Answer 16

The Privacy Shield framework, governed by the U.S. Department of Commerce and Federal Trade Commission, allows U.S. companies to certify compliance with EU data protection law.

Question 17

Which one of the following is not a requirement that Internet service providers must satisfy in order to gain protection under the “transitory activities” clause of the Digital Millennium Copyright Act?

Answer 17

The service provider and the originator of the message must be located in different states.

Question 18

Which one of the following laws is not designed to protect the privacy rights of consumers and internet users?

Answer 18

The USA PATRIOT Act was adopted in the wake of the September 11, 2001, terrorist attacks. It broadens the powers of the government to monitor communications between private citizens and therefore actually weakens the privacy rights of consumers and internet users. The other laws mentioned all contain provisions designed to enhance individual privacy rights.

Question 19

What is the standard duration of patent protection in the United States?

Answer 19

20 years from the application date