Domain 2: Compliance and Operational Security

Question 1

Managing Risk

Answer 1

Acceptance, Transference, Avoidance, Deterrence, Mitigation

Question 2

Security Controls

Answer 2

Technical, Management, Operational

Question 3

Security Measures

Answer 3

Detective, Preventative, Compensating, Corrective

Question 4

Confidentiality

Answer 4

Threats: Eavesdropping, system compromise and access
Defense: cryptosystems, access controls

Question 5

Integrity

Answer 5

Threats: spoofing, system compromise and access
Defense: digital signatures and hashing

Question 6

Availability

Answer 6

Threats: denial of service
Defense: redundancy, fault tolerance, and patching

Question 7

CIA triad +1

Answer 7

confidentiality, integrity, availability, safety

Question 8

Incident Response Steps

Answer 8

PICERL: prepare, identify, contain, eradicate, recover,

lessons learned and follow up

Question 9

OOV

Answer 9

order of volatility

Question 10

SPF

Answer 10

single point of failure

Question 11

BIA

Answer 11

business impact analysis

Question 12

DRP

Answer 12

disaster recovery plan

Question 13

MTTR

Answer 13

mean time to recovery - average time to recover asset - key in DRP and COO

Question 14

MTBF

Answer 14

mean time between failures - average time between critical failures

Question 15

RTO

Answer 15

recovery time objective - minimum recovery time

Question 16

RPO

Answer 16

recovery point objective - minimum amount of data restored

Question 17

COO

Answer 17

continuity of operations - prep for ongoing operations

Question 18

BCP

Answer 18

business continuity plan

Question 19

SaaS

Answer 19

software as a service - e.g. application in the cloud

Question 20

PaaS

Answer 20

platform as a service: e.g. plain operating system as a service

Question 21

IaaS

Answer 21

infrastructure as a service - e.g. date center in the cloud

Question 22

ISA

Answer 22

interconnection service agreement

Question 23

MOU

Answer 23

memorandum of understanding,

Question 24

SLA

Answer 24

service level agreement

Question 25

BPA

Answer 25

business partnership agreement

Question 26

ARO

Answer 26

annualized rate of occurance

Question 27

SLE

Answer 27

single loss expectancy. SLE = AV x EF (SLEAVE + F)

Question 28

ALE

Answer 28

annual loss expectancy. SLE x ARO

Question 29

AV

Answer 29

asset value

Question 30

EF

Answer 30

exposure factor

Question 31

ADS

Answer 31

alternate data streams (hiding files)

Question 32

AUP

Answer 32

acceptable use policy

Question 33

Backup Types

Answer 33

• full
• copy
• incremental
• differential

Question 34

Full Backup

Answer 34

full system back up. slowest to backup, fastest to restore

Question 35

Copy Backup

Answer 35

disk image

Question 36

Incremental Backup

Answer 36

goes back to last incremental or full back up. fastest to back up, slowest to restore

Question 37

Differential Backup

Answer 37

goes to last full backup only