Part 15 Flashcards
Which of the following threats would be classified as the actions of a hacktivist?
a) external threat
b) internal threat
c) environmental threat
d) compliance threat
external threat
Which of these is not a response to risk? a) mitigation b) transference c) resistance d) avoidance
resistance
Which of the following is not a threat classification category?
a) compliance
b) financial
c) tactical
d) strategic
tactical
In which of the following threat classifications would a power blackout be classified?
a) operational
b) managerial
c) technical
d) strategic
operational
Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (high, medium, or low) to represent a risk?
a) quantitative risk calculation
b) qualitative risk calculation
c) rule-based risk calculation
d) policy-based risk calculation
qualitative risk calculation
What is a list of potential threats and associated risks?
risk register
Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone?
a) transference
b) avoidance
c) rejection
d) prevention
avoidance
Which of the following control categories includes conducting workshops to help users resist phishing attacks?
a) managerial
b) operational
c) technical
d) administrative
operational
Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use?
a. AV
b. SLE
c. ARO
d. ALE
SLE
Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found?
control risk
Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?
deterrent control
Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement? BPA SLA MOU MSA
MOU
Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this?
EOP
Which of the following is NOT a concern for users regarding the usage of their privacy data?
associations with groups
individual inconveniences and identity theft
timeliness of data
statistical inferences
timeliness of data
Which of the following is not a consequence to an organization that has suffered a data security breach? reputation damage IP theft de-escalation of reporting requirements monetary fine
de-escalation of reporting requirements
Which of the following data types has the highest level of data sensitivity? private secure sensitive confidential
confidential
Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data?
public
Which of the following uses data anonymization? tokenization data masking data minimization data obfuscation sanitization (DOS)
data masking
Which of the following is NOT true about data sovereignty?
data sovereignty is a concept that until recently was less of an issue
generally, data is subject to the laws of the country in which it is collected or processed
governments cannot force companies to store data within specific countries
regulations are not necessarily based on where the organization is headquartered
governments cannot force companies to store data within specific countries
Bob needs to create an agreement between his company and a third-party organization that demonstrates a “convergence of will” between the parties so that they can work together. Which type of agreement will Bob use?
MOU