Part 15 Flashcards

1
Q

Which of the following threats would be classified as the actions of a hacktivist?

a) external threat
b) internal threat
c) environmental threat
d) compliance threat

A

external threat

2
Q
Which of these is not a response to risk?
a) mitigation
b) transference
c) resistance
d) avoidance
A

resistance

3
Q

Which of the following is not a threat classification category?

a) compliance
b) financial
c) tactical
d) strategic

A

tactical

4
Q

In which of the following threat classifications would a power blackout be classified?

a) operational
b) managerial
c) technical
d) strategic

A

operational

5
Q

Which of the following approaches to risk calculation typically assigns a numeric value (1-10) or label (high, medium, or low) to represent a risk?

a) quantitative risk calculation
b) qualitative risk calculation
c) rule-based risk calculation
d) policy-based risk calculation

A

qualitative risk calculation

6
Q

What is a list of potential threats and associated risks?

A

risk register

7
Q

Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone?

a) transference
b) avoidance
c) rejection
d) prevention

A

avoidance

8
Q

Which of the following control categories includes conducting workshops to help users resist phishing attacks?

a) managerial
b) operational
c) technical
d) administrative

A

operational

9
Q

Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use?

a. AV
b. SLE
c. ARO
d. ALE

A

SLE

10
Q

Enzo is reviewing the financial statements and has discovered a serious misstatement. What type of risk has he found?

A

control risk

11
Q

Simona needs to research a control that attempts to discourage security violations before they occur. Which control will she research?

A

deterrent control

12
Q
Which of the following is not a legally enforceable agreement but is still more formal than an unwritten agreement?
BPA
SLA
MOU
MSA
A

MOU

13
Q

Angelo has received notification that a business partner will no longer sell or update a specific product. What type of notification is this?

A

EOP

14
Q

Which of the following is NOT a concern for users regarding the usage of their privacy data?
associations with groups
individual inconveniences and identity theft
timeliness of data
statistical inferences

A

timeliness of data

15
Q
Which of the following is not a consequence to an organization that has suffered a data security breach?
reputation damage
IP theft
de-escalation of reporting requirements
monetary fine
A

de-escalation of reporting requirements

16
Q
Which of the following data types has the highest level of data sensitivity?
private
secure
sensitive
confidential
A

confidential

17
Q

Sergio has been asked to make a set of data that was once restricted now available to any users. What data type will Sergio apply to this set of data?

A

public

18
Q
Which of the following uses data anonymization?
tokenization
data masking
data minimization
data obfuscation sanitization (DOS)
A

data masking

19
Q

Which of the following is NOT true about data sovereignty?
data sovereignty is a concept that until recently was less of an issue
generally, data is subject to the laws of the country in which it is collected or processed
governments cannot force companies to store data within specific countries
regulations are not necessarily based on where the organization is headquartered

A

governments cannot force companies to store data within specific countries

20
Q

Bob needs to create an agreement between his company and a third-party organization that demonstrates a “convergence of will” between the parties so that they can work together. Which type of agreement will Bob use?

A

MOU