Risk Management Flashcards

1
Q

Risks are the combination of a ______ and a corresponding _______.

A
  • Threat
  • Vulnerability

2
Q

What two formulas do quantitative risk assessments use?

A

Single Loss Expectancy (SLE) = Asset Value x Exposure Factor
OR
Annualized Loss Expectancy (ALE) = Annualized Rate of Occurrence (ARO) x SLE

3
Q

What are the four possible responses to a risk, and how is each one implemented?

A
  • AVOID risks by changing business practices.
  • MITIGATE risks by implementing controls.
  • ACCEPT risks and continue operations.
  • TRANSFER risks through insurance or contract.
4
Q

What are the 8 major categories of security controls?

A
  • Deterrent Control
  • Preventive Control
  • Detective Control
  • Corrective Control
  • Compensating Control
  • Technical Control
  • Administrative Control
  • Physical Control
5
Q

This Major Security Control…

Discourages an adversary from attempting a violation of security.

A

Deterrent Control

6
Q

This Major Security Control…

Stops an adversary from violating security.

A

Preventive Control

7
Q

This Major Security Control…

Identifies potential violations of security.

A

Detective Control

8
Q

This Major Security Control…

Restores the original state after a violation of security.

A

Corrective Control

9
Q

This Major Security Control…

Fills the gap left when it is not possible to implement a required control.

A

Compensating Control

10
Q

This Major Security Control…

Uses technological means to meet a security objective.

A

Technical Control

11
Q

This Major Security Control…

Uses policy, process, or procedure to meet a security objective.

A

Administrative Control

12
Q

This Major Security Control…

Uses physical constraints to meet a security objective.

A

Physical Control

13
Q

Personnel security principles include what?

A
  • Need To Know
  • Least Privilege
  • Separation of Duties
  • Two-Person Control
  • Mandatory Vacations/ Job Rotation
14
Q

This personnel security principle…

Requires a legitimate business need to access information.

A

Need To Know

15
Q

This personnel security principle…

Grants individuals the minimum necessary permissions to perform their jobs.

A

Least Privilege

16
Q

This personnel security principle…

Blocks someone from having two sensitive privileges in combination.

A

Separation of Duties

17
Q

This personnel security principle…

Requires two people to perform a sensitive activity.

A

Two-Person Control

18
Q

This personnel security principle…

Seeks to prevent fraudulent activity by uncovering malfeasance.

A

Mandatory Vacations/ Job Rotation

19
Q

Business continuity planning conducts a business ______ ______ and then implements controls designed to keep the business running during adverse circumstances.

A

impact assessment

20
Q

Backups provide an important disaster recovery control (T/F)?

A

True!

21
Q

What are the three major categories of backup?

A
  • Full Backup
  • Differential Backup
  • Incremental Backup
22
Q

This type of backup…

Copies all files on a system.

A

Full Backup

23
Q

This type of backup…

Copies all files on a system that have changed since the most recent full backup.

A

Differential Backup

24
Q

This type of backup…

Copies all files on a system that have changed since the most recent full or incremental backup.

A

Incremental Backup

25
Q

Disaster recovery sites fit into ____ major categories.

A

three

26
Q

What are the three major Disaster Recovery Site categories?

A
  • Cold Site
  • Warm Site
  • Hot Site

27
Q

This Disaster Recovery Site…
  • Has support systems
  • No configured servers
  • No real-time data

A

Cold Site

28
Q

This Disaster Recovery Site…
  • Has support systems
  • Has configured servers
  • No real-time data

A

Warm Site

29
Q

This Disaster Recovery Site…
  • Has support systems
  • Has configured servers
  • Has real-time data

A

Hot Site

30
Q

Disaster recovery plans require testing (T/F)?

A

True!

31
Q

What are the five major test types?

A
  • Read-Through/Tabletop
  • Walkthrough
  • Simulation
  • Parallel
  • Full Interruption

32
Q

In this type of Disaster Recovery (DR) Test Type… Plan participants review the plan and their specific role, either as a group or individually.

A

Read-through/Tabletop

33
Q

In this type of Disaster Recovery Test Type… The DR team gathers to walk through the steps in the DR plan and verify that it is current and matches expectations.

A

Walkthrough

34
Q

In this type of Disaster Recovery Test Type… The DR team participates in a scenario-based exercise that uses the DR plan without implementing technical recovery controls.

A

Simulation

35
Q

In this type of Disaster Recovery Test Type… The DR team activates alternate processing capabilities without taking down the primary site.

A

Parallel

36
Q

In this type of Disaster Recovery Test Type… The DR team takes down the primary site to simulate a disaster.

A

Full Interruption

37
Q

Information should be ______ based upon its sensitivity to the organization.

A

Classified

38
Q

What are the common classes of sensitive information?

A
  • Personally Identifiable Information (PII)
  • Protected Health Information (PHI)
  • Proprietary Information

39
Q

What is PII?

A

Personally Identifiable Information: it uniquely identifies individuals.

40
Q

What is PHI?

A

Protected Health Information: it includes individual health records.

41
Q

What is Proprietary Information?

A

It contains trade secrets.

42
Q

Only collecting data that is necessary for legitimate business purposes is known as data _______.

A

minimization

43
Q

Use _______ technology to ensure that no traces of data remain on media (data remanence) before discarding it.

A

sanitization

44
Q

_______ performs a delete operation on a file, but the data remains on disk.

A

Erasing

45
Q

_______ overwrites the data with random values to ensure that it is sanitized.

A

Clearing

46
Q

What are the three Data Roles?

A
  • Data Owner
  • System Owner
  • Data Processor

47
Q

This Data Role… Is a senior-level executive who establishes rules and determines controls.

A

Data Owner

48
Q

This Data Role… Is an individual responsible for overseeing the secure operation of systems.

A

System Owner

49
Q

This Data Role… Is an individual with access to personal or sensitive information.

A

Data Processor

50
Q

What is the six-step incident response process that an organization should follow when responding to a security incident?

A
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery/Repair Damage
  6. Lessons Learned