Domain 3

Question 1

IRM

Answer 1

Information Risk Management. Risks and threats identified. Vulnerabilities reduced and controls implemented.

Question 2

Exposure factor

Answer 2

Estimated percentage of loss should a threat exploit the vulnerability in an asset.

Question 3

SLE Calculation

Answer 3

SLE= Asset Value x EF (%)

Question 4

Threat action/Threat agent

Answer 4

Actual threat

Question 5

Threat vector

Answer 5

Path a threat takes to cause an action

Question 6

ISO 27005

Answer 6

Information Risk Management framework

Question 7

NIST 800-37 rev 1

Answer 7

Risk management framework for federal info systems

Question 8

ALE calc

Answer 8

ALE=SLE x ARO

Question 9

ARO expressed as…

Answer 9

Percentage betwen 0.0 and 1.0

Question 10

Analysis vs. Assessment

Answer 10

Perform an analysis. Results of analysis enable you to make an assessment

Question 11

NIST 800-30

Answer 11

Guide for conducting risk assessments

Question 12

Risk treatment plan

Answer 12

Determine who is responsible for controls with time frame and budget

Question 13

MIB

Answer 13

SNMP Management information Base. Resides on the device and contains info about it. Responds to SNMP agent.

Question 14

SNMP Agent

Answer 14

SNMP responder on the device

Question 15

Passive monitoring

Answer 15

Capture traffic on a device using span/mirror port

Question 16

Active monitoring

Answer 16

Special packets introduced to network to monitor perf.

Question 17

Real time monitoring

Answer 17

Devices like IPS.