Risks Management

Question 1

Security Policy Framework Levels

Answer 1

Policies
Standards
Guidelines
Procedures

Question 2

Risk Factors

Answer 2

Likelihood/probability

Impact

Question 3

Risk Assessment Methods

Answer 3

Qualitative

Quantitative

Question 4

Define an AV

Answer 4

Asset Value

Question 5

AV Assessment Methods

Answer 5

Original
Depreciated
Replacement

Question 6

Define the EF

Answer 6

Exposure Factor; percent of asset effected

Question 7

Define SLE

Answer 7

Single Loss Expectancy; AV * EF

Question 8

Define ARO

Answer 8

Annualized Rate of Occurrence; likely number of occurrences per a year

Question 9

Define ALE

Answer 9

Annualized Loss Expectancy; ALE = SLE * ARO

Question 10

Define MTTF

Answer 10

Mean Time to Failure, for non replaceable components

Question 11

Define MTBF

Answer 11

Mean Time Between Failures, for replaceable components

Question 12

Define MTTR

Answer 12

Mean Time To Repair, average restoration time

Question 13

Risks Response Types

Answer 13

Avoidance
Transference
Mitigation/Deterrence
Acceptance

Question 14

Risk Register Components

Answer 14

Description
Categorization
Probability
Impact
Mitigation

Question 15

Risk Assessment Sources

Answer 15

Vulnerability Scans
Penetration Test
Audits
OS Threat Intelligence
Consulting/Vendor

Question 16

Types of Vendor Agreements

Answer 16

SLR/SLA
MOU/MOA
BPA/BPO
ISA

Question 17

Define SLR

Answer 17

Service-Level Agreement; outlines service providers commitment to client

Question 18

Define MOU/MOA

Answer 18

Memorandum of Understanding/Agreement

Question 19

Define BPA

Answer 19

Business Partnership Agreement

Question 20

Define ISA

Answer 20

Interconnection Service Agreement; joins networks outlining technical and security requirements

Question 21

Personnel Risk Management Key Principles

Answer 21

Need to Know
Least Privilege
Separation of Duties

Question 22

Define a BCP

Answer 22

Business Continuity Planning; focus on maintaining availability

Question 23

Define a BIA

Answer 23

Business Impact Assessment

Question 24

BIA Risk Concerns

Answer 24

Safety
Financial
Reputation

Question 25

Define High Availability

Answer 25

Multiple-systems for same purpose

Question 26

Fault Tolerance Methods

Answer 26

Power Supply

Memory Storage

Question 27

Describe RAID O

Answer 27

Striping
Performance, no Redundancy
1 or more disks

Question 28

Describe RAID 1

Answer 28

Mirroring
Redundancy, low performance
2 or more disks

Question 29

Describe RAID 5

Answer 29

Striping with Parity
Performance and Redundancy
3 or more disks

Question 30

Describe RAID 6

Answer 30

Striping with Double Parity

4 or more disks

Question 31

Describe RAID 10 (also called RAID 1 + 0/0 + 1)

Answer 31

Striping and Mirroring

4 or more disks

Question 32

Define RTO

Answer 32

Recover Time Objective, goal recovery time

Question 33

Define RPO

Answer 33

Recovery Point Objective, restoration point to return to after an incident

Question 34

Backup Types

Answer 34

Full
Differential
Incremental
Snapshot

Question 35

Describe Full Backups

Answer 35

Backup everything;
Slow backup speed
Fast restoration speed

Question 36

Describe Differential Backups

Answer 36

Backup changes since last full;
Medium backup speed
Medium restoration speed

Question 37

Describe Incremental Backups

Answer 37

Backup changes since last full or incremental;
Fast backup speed
Slowest restoration speed

Question 38

Define a system Snapshot

Answer 38

Capture disk image at a moment in time
Less storage space requirements
Quick backups

Question 39

Grandfather-Father-Son Backup Media Rotation Method

Answer 39

4 devices backup daily, 1 per a day Monday-Thursday
4 devices backup weekly, 1 per a week for 4 weeks
4 devices backup monthly, 1 per a month for 4 months

Question 40

Define 3-2-1 Backup Rule

Answer 40

2 Backups on site

1 Backup off-site

Question 41

Alternate Processing Facility Types

Answer 41

Hot
Cold
Warm

Question 42

Describe a Hot Site

Answer 42

Fully operational
Quickest restoration (hrs)
Expensive

Question 43

Describe a Cold Site

Answer 43

Empty facility
Slowest restoration (weeks)
Least expensive

Question 44

Describe a Warm Site

Answer 44

Hardware and Software ready
Medium restoration speed (days)
Medium expenses

Question 45

Define Alternate Business Processes

Answer 45

Utilizing alternative methods to accomplish same business purpose

Question 46

Backup Site Location Considerations

Answer 46

Close enough for relocation of employees
Far enough to not be impacted by same disaster
Ease of access
Away from other industrial facilities
Data sovereignty (only applies to location of storage)

Question 47

Disaster Response Plan Testing Methods

Answer 47

Read through
Walk through
Simulation
Parallel Test
Full Interruption

Question 48

Define CIRT

Answer 48

Cyber Incident Response Team

Question 49

CIRT Members

Answer 49

Management
Information Security
Subject Matter Experts
Legal
Public Affairs
HR
Finance

Question 50

Evidence Types

Answer 50

Real/Physical
Documentary
Testimonial

Question 51

Types of Testimonial Evidence

Answer 51

Direct, by first degree observation

Expert Opinion

Question 52

Define Hearsay

Answer 52

Testimonial evidence not given from the first person degree (i.e. “I heard someone else say”)

Question 53

Documentary Evidence Considerations

Answer 53

Authenticated
Best available
Parole Evidence

Question 54

Define Best Available Evidence

Answer 54

Original or closest to the original evidence

Question 55

Define Parole Evidence Rule

Answer 55

Assumes documentary evidence is entire and final

Question 56

Digital Forensic Order of Volatility

Answer 56

Cache, registers
ARP Cache, routing table, memory, kernel statistics, process table
Temporary files
Disks
Monitoring data and remote logs
Physical configuration and network topology
Archived media

Question 57

Purpose of Write Blockers

Answer 57

Intercept/prevent request to alter evidence

Question 58

Purpose of Hashing Collected Evidence

Answer 58

Compare later hashes with initial for data integrity

Question 59

Storage Bag Labeling Criteria

Answer 59

Name
Date and Time
Contents
Tamper Seal

Question 60

Data Owner’s Role

Answer 60

administrative control and has been officially designated as accountable for a specific information asset dataset

Question 61

Data Steward’s Role

Answer 61

Handle data governance and policy on behalf of the Data Owner

Question 62

Data Custodian’s Role

Answer 62

technical control over an information asset dataset

Question 63

Define PTA

Answer 63

Privacy Threshold Analysis, determine necessity for privacy controls

Question 64

Define PIA

Answer 64

Privacy Impact Analysis, evaluate sufficiency of privacy controls

Question 65

Adverse Background Check Notification PRocess

Answer 65

Investigation
Pre-adverse notification
Employee Response

Question 66

Incident Response Phases

Answer 66

Preparation
Identification
Containment
Investigation
Eradication
Recovery
Follow Up

Question 67

Uses of Captive Portals

Answer 67

Monitor/limit Network Activity
User agreements
Branding

Question 68

Insider Protection Methods

Answer 68

Content and email filter

Strong security policies

Question 69

Government Information Classification Standards

Answer 69

Top Secret- “exceptionally grave damage”
Secret- “serious damage”
Confidential- “damage”
Unclassified- available for general use

Question 70

Define Private Information

Answer 70

Information relating to an individual (i.e. PII, PHI)

Question 71

ISO 27001 Information Classification Standards

Answer 71

Confidential (top confidentiality level)
Restricted (medium confidentiality level)
Internal use (lowest level of confidentiality)
Public (everyone can see the information)

Question 72

Least Effective Means of Purging Media

Answer 72

Degaussing

Question 73

Define Security Policy

Answer 73

High-level, general statement about role of security

Question 74

Define Standard

Answer 74

Legal, industry, or best business practices

Question 75

Use of Code Escrow

Answer 75

Protect against vendor lack of support in the event they go out of business

Question 76

Network Protection Steps

Answer 76

ID and document user access permissions
ID high-value assets
Document trust boundaries
ID choke points on the network
Segregate and isolate the network
Isolate server functions
Physically secure high-value systems

Question 77

Memory Dump Methods

Answer 77

Save and extract the page file

Save contents of physical RAM

Question 78

Forensic Cloning Method

Answer 78

bit-level cloning

Question 79

Instant Messaging Vulnerability

Answer 79

Lack of encryption

Question 80

Define the Delphi Method

Answer 80

anonymous survey to determine value of an asset

Question 81

Define Two-Man Control

Answer 81

Tasks which require dual custody due to sensitivity

Question 82

Backup Data Loss Protection Method

Answer 82

Test restoration procedures

Question 83

Purpose of an Archive Bit

Answer 83

Indicates whether a file has been modified (set if modified)