D1 - Security and Risk Management

Question 1

Any single input to a process that, if missing, would cause the process or several processes to be unable to function.

Answer 1

Single Points of Failure (SPOF)

Question 2

Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.

Answer 2

Trademark

Question 3

Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the buisness.

Answer 3

Trade Secret

Question 4

Determines the potential impact of disruptive events on the organization’s business processes.

Answer 4

Vulnerability Assessment

Question 5

Defined as the difference between the original value and the remaining value of an asset after a single exploit.

Answer 5

Single Loss Expectancy (SLE)

Question 6

A systematic process for identifying, analysing, evaluating, remedying, and monitoring risk.

Answer 6

Risk Management

Question 7

The practice of passing on the risk in question to another entity, such as an insurance company.

Answer 7

Risk Transfer

Question 8

The practice of the elimination of or the significant decrease in the level of risk presented.

Answer 8

Risk Mitigation

Question 9

The practice of coming up with alternatives so that the risk in question is not realised.

Answer 9

Risk Avoidance

Question 10

The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus benefit of dealing with the risk in another way.

Answer 10

Risk Acceptance

Question 11

A combination of the probability of an event and its consequence. (ISO 27000)

Answer 11

Risk

Question 12

An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (RFC 2828)

Answer 12

Risk

Question 13

The point in time to which data must be restored in order to successfully resume processing.

Answer 13

Recovery Point Objective (RPO)

Question 14

How quickly you need to have that application’s information available after downtime has occurred.

Answer 14

Recovery Time Objective (RTO)

Question 15

Controls implemented to restore conditions to normal after a security incident.

Answer 15

Recovery Controls

Question 16

Controls implemented to prevent a security incident or information breach.

Answer 16

Preventative Controls

Question 17

Controls to protect the organisation’s people and physical environment, such as locks, fire management, gates, and guards; may be called “operational controls” in some contexts.

Answer 17

Physical Controls

Question 18

Protect novel, useful, and nonobvious inventions.

Answer 18

Patent

Question 19

Electronic hardware and software solutions implemented to control access to information and information networks.

Answer 19

Logical (Technical) Controls

Question 20

Granting users only the accesses that are required to perform their job function.

Answer 20

Least Privilege

Question 21

Accountable for ensuring the protection of all the business information assets from intentional and unitentional loss, disclosure, alteration, destruction, and unavailability.

Answer 21

Information Security Officer

Question 22

Comes in two forms; making sure that information is processed correctly and not modified by unauthorised persons, and protecting information as it transits a network.

Answer 22

Integrity

Question 23

A security event that compromises the confidentiality, integrity, or availability of an information asset.

Answer 23

Incident

Question 24

Ensures the business focuses on core activities, clarifies who in the organisation has authority to make decisions, determines accountability for actions and responsibilities for outcomes…

Answer 24

Governance

Question 25

Authorised the President to regulate exports of civilian goods and technologies that have military applications.

Answer 25

Export Administration Act of 1979

Question 26

A process designed to identify potential events that may risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.

Answer 26

Enterprise Risk Management

Question 27

Is similar to due care with the exception that is a pre-emptive measure made to avoid harm to other persons or their property.

Answer 27

Due Diligence

Question 28

The care a “reasonable person” would exercise under given circumstances.

Answer 28

Due Care

Question 29

Controls designed to specify acceptable rules of behaviour within an organisation.

Answer 29

Directive Controls.

Question 30

Controls designed to discourage people from violating security directives.

Answer 30

Deterrent Controls

Question 31

Controls designed to signal warning when a security control has been breached.

Answer 31

Detective Controls

Question 32

A breach for which it was confirmed that actually disclosed (not just exposed) to an unauthorised party.

Answer 32

Data Disclosure

Question 33

Controls implemented to remedy circumstance,mitigate damage, or restore controls.

Answer 33

Corrective Controls

Question 34

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recording, databases, and computer programs.

Answer 34

Copyright

Question 35

Supports the principal of “least privilege” by providing that only authorised individuals, processes, or systems should have access to information on a need-to-know basis.

Answer 35

Confidentiality

Question 36

Actions that ensure behaviour that complies with established rules.

Answer 36

Compliance

Question 37

Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.

Answer 37

Compensating Controls

Question 38

An incident that results in the disclosure or potential exposure of data.

Answer 38

Breach

Question 39

The principal that ensures that information is available and accessible to users when needed.

Answer 39

Availability

Question 40

Authorises the President to designate those items that shall be considered as defense articles and defense services and control their import and export.

Answer 40

Arms Export Control Act of 1976

Question 41

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.

Answer 41

Annualised Rate of Occurrence (ARO)

Question 42

Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.

Answer 42

Administrative Controls