Domain 1 set 4

Question 1

Known as a Program Policy

Answer 1

Organizational security Policy

Question 2

What are the 9 steps in NIST 800-30

Answer 2

1. System characterization
2. Threat Identification
3. Vulnerability Identification
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk Determination
8. Control Recommendations
9. Results Documentation

Question 3

Vulnerability

Answer 3

Weaknesses in security Controls

Question 4

The card industry Data security standard

Answer 4

PCI DSS

Question 5

Is a single system Risk assessment?

Answer 5

FRAP

Question 6

What is it called when a data owner accepts the certification?

Answer 6

Accreditation

Question 7

Copyrights are good for?

Answer 7

Life Time Plus 70 years after

Business 95 years

Question 8

Who plans, builds, runs and monitors activities in alignment with the direction set .

Answer 8

Management

Question 9

Who is responsible for Data Privacy Requirements?

Answer 9

Data Owners

Question 10

AV

Answer 10

Asset Value

Question 11

Privacy Act of 1974

Answer 11

applies only to federal Agencies

Question 12

Residual Risk

Answer 12

The amount of risk left over after a risk response

Question 13

What committee of sponsoring organizations of the treadway commission?

Answer 13

COSO

Question 14

A Threat

Answer 14

An external force that Jeopardizing security

Question 15

What Plan is used to bring back business functions?

Answer 15

BRP

Question 16

GDPR

Answer 16

updated EU Law for 2018

Question 17

How long is a Patent?

Answer 17

20 years

Question 18

“NEED TO KNOW” is what type of control?

Answer 18

Horizontal Control

Question 19

What is the self Directed Rick Evaluation methodology

Answer 19

OCTAVE

Question 20

What act is for Identity theft

Answer 20

(ITADA) Identity Theft and Assumption Deterrence Act

Question 21

Used to ensure Honest opinions using Anonymous communications

Answer 21

Delphi Technique

Question 22

What is Data in use?

Answer 22

Data in memory, memory caches and CPU Registers

Question 23

Who monitors the performance?

Answer 23

Governance

Question 24

Vertical Control?

Answer 24

example Top secret, secret, etc…

Question 25

Not Mandatory policy for best practices

Answer 25

Guidelines

Question 26

Proactive Controls are?

Answer 26

Safeguards

Question 27

What are the 8 steps to EDRM

Answer 27

The Electronic Discovery Reference Model

1. Identification
2. Preservation
3. Collection
4. processing
5. review
6. Analysis
7. Production
8. Presentation

Question 28

OEP

Answer 28

Occupant Emergency Plan

Question 29

Step by Steps Directives

Answer 29

Procedures

Question 30

An username is what part of IAAA?

Answer 30

Identification