Risk Management Flashcards

1
Q

Risks are the combination of a ______ and a corresponding _______.

A
  • Threat
  • Vulnerability

2
Q

What two formulas do quantitative risk assessments use?

A

SingleLossExpectancy (SLE) = AssetValue x ExposureFactor
and
AnnualizedLossExpectancy (ALE) = AnnualizedRateOfOccurrence x SLE

3
Q

What four things are included in a response to a risk & how do you implement these responses?

A
  • AVOID risks by changing business practices.
  • MITIGATE risks by implementing controls.
  • ACCEPT risks and continue operations.
  • TRANSFER risks through insurance or contract.
4
Q

What are the 8 major categories of security controls?

A
  • Deterrent Control
  • Preventive Control
  • Detective Control
  • Corrective Control
  • Compensating Control
  • Technical Control
  • Administrative Control
  • Physical Control
5
Q

This Major Security Control…

Discourages an adversary from attempting a violation of security.

A

Deterrent Control

6
Q

This Major Security Control…

Stops an adversary from violating security.

A

Preventive Control

7
Q

This Major Security Control…

Identifies potential violations of security.

A

Detective Control

8
Q

This Major Security Control…

Restores the original state after a violation of security.

A

Corrective Control

9
Q

This Major Security Control…

Fills the gap left when it is not possible to implement a required control.

A

Compensating Control

10
Q

This Major Security Control…

Uses technological means to meet a security objective.

A

Technical Control

11
Q

This Major Security Control…

Uses policy, process, or procedure to meet a security objective.

A

Administrative Control

12
Q

This Major Security Control…

Uses physical constraints to meet a security objective.

A

Physical Control

13
Q

Personnel security principles include what?

A
  • Need To Know
  • Least Privilege
  • Separation of Duties
  • Two-Person Control
  • Mandatory Vacations/ Job Rotation
14
Q

This personnel security principle…

Requires a legitimate business need to access information.

A

Need To Know

15
Q

This personnel security principle…

Grants individuals the minimum necessary permissions to perform their jobs.

A

Least Privilege

16
Q

This personnel security principle…

Blocks someone from having two sensitive privileges in combination.

A

Separation of Duties

17
Q

This personnel security principle…

Requires two people to perform a sensitive activity.

A

Two-Person Control

18
Q

This personnel security principle…

Seeks to prevent fraudulent activity by uncovering malfeasance.

A

Mandatory Vacations/ Job Rotation

19
Q

Business continuity planning conducts a business ______ ______ and then implements controls designed to keep the business running during adverse circumstances.

A

impact assessment

20
Q

Backups provide an important disaster recovery control (T/F)?

A

True!

21
Q

What are the three major categories of backup?

A
  • Full Backup
  • Differential Backup
  • Incremental Backup
22
Q

This type of backup…

Copies all files on a system.

A

Full Backup

23
Q

This type of backup…

Copies all files on a system that have changed since the most recent full backup.

A

Differential Backup

24
Q

This type of backup…

Copies all files on a system that have changed since the most recent full or incremental backup.

A

Incremental Backup

25
Q

Disaster recovery sites fit into ____ major categories.

A

three

26
Q

What are the three major Disaster Recovery Site categories?

A
  • Cold Site
  • Warm Site
  • Hot Site
27
Q

This Disaster Recovery Site…

  • Has support systems
  • No configured servers
  • No real-time data
A

Cold Site

28
Q

This Disaster Recovery Site…

  • Has support systems
  • Has configured servers
  • No real-time data
A

Warm Site

29
Q

This Disaster Recovery Site…

  • Has support systems
  • Has configured servers
  • Has real-time data
A

Hot Site

30
Q

Disaster recovery plans require testing (T/F)?

A

True!

31
Q

What are the five major test types?

A
  • Read-Through/Tabletop
  • Walkthrough
  • Simulation
  • Parallel
  • Full Interruption
32
Q

In this type of Disaster Recovery (DR) Test Type…

Plan participants review the plan and their specific role, either as a group or individually.

A

Read-through/Tabletop

33
Q

In this type of Disaster Recovery Test Type…

The DR team gathers to walk through the steps in the DR plan and verify that it is current and matches expectations.

A

Walkthrough

34
Q

In this type of Disaster Recovery Test Type…

DR team participates in a scenario-based exercise that uses the DR plan without implementing technical recovery controls.

A

Simulation

35
Q

In this type of Disaster Recovery Test Type…

DR team activates alternate processing capabilities without taking down the primary site.

A

Parallel

36
Q

DR team takes down the primary site to simulate a disaster.

A

Full Interruption

37
Q

Information should be ______ based upon its sensitivity to the organization.

A

Classified

38
Q

What are the common classes of sensitive information?

A
  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Proprietary Information
39
Q

What is PII?

A

Personally Identifiable Information

  • It uniquely identifies individuals.
40
Q

What is PHI?

A

Protected Health Information

  • It includes individual health records.
41
Q

What is Proprietary Information?

A

It contains trade secrets.

42
Q

Only collecting data that is necessary for legitimate business purposes is known as data _______ .

A

minimization

43
Q

Use _______ technology to ensure that no traces of data remain on media (data remanence) before discarding it.

A

sanitization

44
Q

_______ performs a delete operation on a file but the data remains on disk.

A

Erasing

45
Q

_______ overwrites the data with random values to ensure that it is sanitized.

A

Clearing

46
Q

What are the three Data Roles?

A
  • Data Owner
  • System Owner
  • Data Processor
47
Q

This Data Role…

Is a senior-level executive who establishes rules and determines controls.

A

Data Owner

48
Q

This Data Role…

Is an individual responsible for overseeing secure operation of systems.

A

System Owner

49
Q

This Data Role…

Is an individual with access to personal or sensitive information.

A

Data Processor

50
Q

What is the six-step incident response process that an organization should follow when responding to a security incident?

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery/ Repair Damage
  6. Lessons Learned