Exam 1

Question 1

Which security principle is opposite of disclosure?
A) integrity
B) availability
C) confidentiality
D) authorization

Answer 1

Confidentiality

Question 2

Opposite of corruption?

Answer 2

Integrity

Question 3

Opposite of destruction?

Answer 3

Availability

Question 4

Opposite of disapproval?

Answer 4

Authorization

Question 5

Security policy

Answer 5

Administrative control

Question 6

CCTV and locks

Answer 6

Physical control

Question 7

Data backups

Answer 7

Technical control

Question 8

What is a vulnerability?

Answer 8

An absence or weakness of a countermeasure that is in place

Question 9

Threat?

Answer 9

Vulnerability is identified or exploited

Question 10

Threat agent?

Answer 10

Entity that carries out a threat

Question 11

Exposure?

Answer 11

Organizational asset exposed to losses

Question 12

Countermeasure or safeguard?

Answer 12

Control that reduces risk

Question 13

Examples of technical threats?

Answer 13

Hardware/ software failure
Malicious code
New technologies

Question 14

Human threat agents?

Answer 14

Malicious and non malicious insiders and outsiders
Terrorists
Spies
Terminated personnel

Question 15

Natural threat agents?

Answer 15

Floods
Fires
Tornadoes 
Hurricanes 
Earthquakes 
Other natural disaster or weather event

Question 16

Environmental threat agents?

Answer 16

Power or utility failure
Traffic issues
Biological warfare
Hazardous material issues

Question 17

SLE?

Answer 17

Single-Loss expectancy. Monetary impact of threat occurrence.

Question 18

ARO

Answer 18

Annualized rate of occurrence. How often a threat may occur annually.

Question 19

ALE

Answer 19

Annual lose expectancy. Expected risk factor of an annual threat event

Question 20

EF

Answer 20

Exposure Factor. Percent value or or functionality loss after threat event

Question 21

Advisory security policies?

Answer 21

Instruction on acceptable and unacceptable activities.

Question 22

Informative security policies?

Answer 22

Provide info on topics and act as educational tool.

Question 23

Regulatory security policies?

Answer 23

Address specific industry regulations, including mandatory standards.

Question 24

System-specific security policies?

Answer 24

Address security for a specific computer, network, technology, or application.

Question 25

Computer assisted crime?

Answer 25

Computer used as a tool to help commit a crime

Question 26

Incidental computer crime?

Answer 26

Computer involved in a crime but not the victim or the attacker

Question 27

Computer targeted crime?

Answer 27

Computer is victim and the attacker means harm against the computer and its victim

Question 28

Computer prevalence crime?

Answer 28

Happen because computer are so widely used

Question 29

4 stages of security program lifecycle?

Answer 29

1. Plan and organize
2. Implement
3. Operate and maintain
4. Monitor and evaluate

Question 30

CSO?

Answer 30

Chief security officer. Responsible for security effort. Reports directly to CEO

Question 31

CPO?

Answer 31

Chief privacy officer. Responsible for private information. Reports directly to CIO

Question 32

CFO?

Answer 32

Chief financial officer. Responsible for all financial aspects of the organization

Question 33

Acceptable use policy?

Answer 33

Directive control. Lists proper procedures personnel must follow.

Question 34

Corrective controls?

Answer 34

Reduce effect of attack

Question 35

Detective controls?

Answer 35

Detect attack while occurring and inform proper authorities

Question 36

Compensative controls?

Answer 36

Sub for primary controls to mitigate risk

Question 37

Attacker centric threat model?

Answer 37

Profiles attackers characteristics, skills, and motivations to exploit vulnerabilities

Question 38

Application centric threat modeling?

Answer 38

Uses application diagrams to analyze threats

Question 39

Assets centric threat modeling?

Answer 39

Uses attack trees, attack graphs, or display patterns to determine how an asset can be attack.

Question 40

risk avoidance

Answer 40

terminating the risk factor or chosing something not as risky

Question 41

residual risk

Answer 41

the risk left over after safe guards

Question 42

risk transfer

Answer 42

is passing the risk on to a third party

Question 43

risk migration

Answer 43

is defining the acceptable risk level

Question 44

data owner

Answer 44

determine the classification level or the data

Question 45

data custodian

Answer 45

implements the classification to the data

Question 46

security administrator

Answer 46

maintains security devices

Question 47

corrective control

Answer 47

reduces the effect of an attack

Question 48

compensative control

Answer 48

substitute for primary access control

Question 49

preventive control

Answer 49

prevents an attack from happening

Question 50

zachmans framework

Answer 50

two dimensional model that intersects 6 communications and various veiwpoints

Question 51

what do employees sign to protect trade secrets

Answer 51

NDA or non-disclosure agreements

Question 52

due care

Answer 52

took all measures possible to prevent a security breach

Question 53

due diligence

Answer 53

investigated all vulnerabilities

Question 54

CRAMM?

Answer 54

CCTA Risk analysis and management method. Steps:

1. Indemnify value and assets
2. Identify threats and vulnerabilities and calculate risks
3. Identify and prioritize countermeasures

Question 55

what not to worry about during a merger

Answer 55

the costs

Question 56

Information life cycle?

Answer 56

1. Create/ receive
2. Distribute
3. Use
4. Maintain
5. Dispose/ store

Question 57

Data quality?

Answer 57

Fitness of data for use

Question 58

Data remanence?

Answer 58

Clearing
Purging
Destruction

Question 59

Media destruction?

Answer 59

Physical
Chemical
Magnetic

Question 60

primary objective during a security incident is

Answer 60

minimal disruption to the organizations mission

Question 61

Which framework uses six communication questions that intersect with six layers?
Six Sigma 
SABSA
ITIL
ISO/ISEC 27000 Series

Answer 61

SABSA

Question 62

Which of the following is a 2 dimensional model that intersects communication interrogatives with various viewpoints?
SABSA
Zachman framework
TOGAF
ITIL

Answer 62

Zachman framework