Part 15 Flashcards
Which of the following threats would be classified as the actions of a hacktivist?
a) external threat
b) internal threat
c) environmental threat
d) compliance threat
external threat
Which of these is not a response to risk?
a) mitigation
b) transference
c) resistance
d) avoidance
resistance
Which of the following is not a threat classification category?
a) compliance
b) financial
c) tactical
d) strategic
tactical
In which of the following threat classifications would a power blackout be classified?
a) operational
b) managerial
c) technical
d) strategic
operational
Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (high, medium, or low) to represent a risk?
a) quantitative risk calculation
b) qualitative risk calculation
c) rule-based risk calculation
d) policy-based risk calculation
qualitative risk calculation
What is a list of potential threats and associated risks?
risk register
Giovanni is completing a report on risks. Under which risk option would he classify the organization's decision not to construct a new data center because it would be located in an earthquake zone?
a) transference
b) avoidance
c) rejection
d) prevention
avoidance
Which of the following control categories includes conducting workshops to help users resist phishing attacks?
a) managerial
b) operational
c) technical
d) administrative
operational
Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use?
a. AV
b. SLE
c. ARO
d. ALE
SLE
Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found?
control risk
Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?
deterrent control
Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement?
BPA
SLA
MOU
MSA
MOU
Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this?
EOP
Which of the following is NOT a concern for users regarding the usage of their private data?
associations with groups
individual inconveniences and identity theft
timeliness of data
statistical inferences
timeliness of data
Which of the following is not a consequence to an organization that has suffered a data security breach?
reputation damage
IP theft
de-escalation of reporting requirements
monetary fine
de-escalation of reporting requirements