Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CompTIA CASP+ > Risk Management > Flashcards

Risk Management Flashcards

1
Q

Which of the following best describes a partnership?
A. The combination of two or more corporations transferring the properties to one surviving corporation
B. Two or more persons or companies contractually associated as joint principals in a business
C. Obtaining goods or services from an outside supplier
B. A condition in which a business cannot meet its debt obligations

A

B. A partnership is a type of business entity in which two or more entities share potential profit and risk with each other.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

In what way is outsourcing different from a partnership?
A. Outsourcing only occurs when products come from third countries, whereas partnerships occur within the same country.
B. Both use in-house labor to create products for themselves.
C. One uses in-house labor, whereas the other contracts the labor from a partner.
D. One uses an outside supplier, whereas the other combines the two entities.

A

C. Outsourcing is when the customer assigns the work to the contractor.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q 
Which of the following is not an issue to consider with cloud computing? 
A. Physical location of data 
B. Sensitivity of data 
C. Hiring practices 
D. Disaster recovery plans
A

A. With cloud computing, you don’t worry about the physical location of data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q 
Which of the following is not an advantage of quantitative risk assessments? 
A. Examination of real threats 
B. Fast results 
C. Real numbers 
D. Dollar values
A

B. Quantitative assessment takes much more time than qualitative assessment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q 
Which of the following is the formula for SLE? 
A. SLE = AV × EF 
B. SLE = AV / EF 
C. SLE = ARO × EF 
D. SLE = ARO × AV
A

A. Single loss expectancy (SLE) = asset value (AV) × exposure factor (EF).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q 
Which of the following is not an advantage of qualitative risk assessments? 
A. Speed 
B. Use of numeric dollar values 
C. Based on CIA 
D. Performed by a team
A

B. There are no dollar values with qualitative assessment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q 
Which of the following is the formula for ALE? 
A. ALE = AV × ARO 
B. ALE = ARO x SLE 
C. ALE = SLE / ARO 
D. ALE = AV / ARO
A

B. Annualized loss expectancy (ALE) = annualized rate of occurrence (ARO) × single loss expectancy (SLE).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q 
Which of the following is the approach for dealing with risk that incurs an ongoing continual cost from a third party? 
A. Accept 
B. Avoid 
C. Mitigate 
D. Transfer
A

D. Transferring the risk means to offload the risk to a third party, which would incur a monthly fee, such as, for example, an insurance premium.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q 
Implementation of a firewall best maps to which of the following? 
A. Accept 
B. Avoid 
C. Mitigate 
D. Transfer
A

C. Implementing a technical control such as a firewall is an example of mitigating the risk (of network attacks).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q 
The government-based information classification model is based on which of the following? 
A. Confidentiality 
B. Availability 
C. Integrity 
D. Service level
A

A. The governmental system focuses on confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q 
The industry-based model of information classification is based on which of the following? 
A. Confidentiality 
B. Availability 
C. Integrity 
D. Service level
A

C. An industrial or commercial system is based on integrity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q 
Which of the following is the highest level in the government model of information classification? 
A. Supersecret 
B. Top Secret 
C. Secret 
D. Sensitive
A

B. Top Secret is the highest classification level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q 
Which of the following is the lowest level of information classification in the public-sector model? 
A. Open 
B. Public 
C. Available 
D. Unclassified
A

B. Information classified as public is freely available for all to know.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Which of the following is not an attribute of TPM? A. Inexpensive
B. Specialized chip
C. External to device
D. Fast

A

C. The TPM is internal to the device.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Which of the following is not an attribute of HSM? A. Protects cryptographic algorithms
B. Comes in PCI blades
C. Sold as stand-alone devices
D. Can handle high volumes of transactions

A

D. HSM cannot handle high volumes of transactions.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q 
After determining the exposure factor, which is the next step of the quantitative risk assessment process? 
A. Determine SLE 
B. Determine ARO 
C. Determine ALE 
D. Determine AV
A

D. The next step is to determine the asset value (AV).

17
Q 
Which of the following is not a concern for data in transit? 
A. Man-in-the-middle attacks 
B. Backdoor attack 
C. Sniffing 
D. Hijacking
A

B. Backdoor attacks do not target data in transit.

18
Q

Which of the following best describes EDI?
A. It is based on an X509 format.
B. It is based on an ANSI X114 format.
C. EDI is used to exchange data in a format that both the sending and receiving systems can understand.
D. EDI is used to convert data into a format that both the sending and receiving systems can understand.

A

C. EDI is used to exchange data in a format that both the sending and receiving systems can understand.

19
Q 
A(n) \_\_\_\_\_\_\_\_\_\_\_\_\_\_ can be described as a weakness in hardware, software, or components that may be exploited in order for a threat to destroy, damage, or compromise an asset. 
A. Vulnerability 
B. Threat 
C. Exposure 
D. Risk
A

A. A vulnerability is a weakness in hardware, software, or components that may be exploited.

20
Q 
A(n) \_\_\_\_\_\_\_\_\_\_\_\_\_\_ is any agent, condition, or circumstance that could potentially cause harm to, loss of , or damage to an IT asset or data asset or compromise it. 
A. Vulnerability 
B. Risk 
C. Threat 
D. Exposure
A

C. A threat is any agent, condition, or circumstance that could potentially cause harm to, loss of, or damage to an IT asset or data asset or compromise it.

21
Q 
What does GDPR stand for? 
A. General Data Progressive Regulation 
B. General Data Protection Regulation 
C. General Document Protection Regulation 
D. General Detail Protection Regulation
A

B. GDPR stands for General Data Protection Regulation.

22
Q 
What does PII stand for? 
A. Protected important intelligence 
B. Personal imperative intellect 
C. Personally identifiable information 
D. Personally imperative info
A

C. PII stands for personally identifiable information.

CompTIA CASP+ (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions