Risk Management Flashcards

1
Q

A script kiddie is a classic example of a(n) _________.

attacker

threat

threat actor

A

threat actor

A script kiddie is a classic example of a threat actor.

2
Q

Risk is often considered formulaically as

Risk = Probability × Threat

Risk = Threat × Impact

Risk = Probability × Impact

A

Risk = Probability × Impact

Risk is often considered formulaically as Risk = Probability × Impact.

3
Q

A company makes a document called “Acceptable Use” that defines what the company allows users to do and not do on their work systems. The company requires new employees to read and sign this. What is this type of document called?

Standard

Policy

Procedure

A

Policy

Policies are normally written documents that define an organization’s goals and actions. Acceptable use policies are very common.

4
Q

A ___________ is a description of a complex process, concentrating on major steps and the flows between the steps.

law

procedure

framework

A

framework

A framework is a description of a complex process, concentrating on major steps and the flows between the steps.

5
Q

A No Trespassing sign is an example of a __________ control.

deterrent

preventative

detective

A

deterrent

A deterrent control deters a threat actor from performing a threat. A No Trespassing sign is a good example.

6
Q

A lock on the door of a building is an example of a __________ control.

deterrent

preventative

detective

A

preventative

A preventative control stops threat actors from performing a threat. Locks are a notable example.

7
Q

An asset’s exposure factor is measured in _______.

dollars

percentages

units

A

percentages

Exposure factor is measured in terms of a percentage of loss to the value of that asset.

8
Q

Which of the following equations is correct?

Single Loss Expectancy = Asset Value × Exposure Factor

Annualized Rate of Occurrence = Asset Value × Exposure Factor

Annualized Loss Expectancy = Asset Value × Exposure Factor

A

Single Loss Expectancy = Asset Value × Exposure Factor

The only correct equation is Single Loss Expectancy = Asset Value × Exposure Factor.

9
Q

Financial is one type of business impact. Which of the following names another?

Technical

Device

Reputation

A

Reputation

Of the choices listed, only reputation is a common business impact.

10
Q

Which of the following represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component?

MTTR

MTBF

MTMB

A

MTBF

Mean time between failures (MTBF) represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component.
