Domain 1 set 5

Question 1

Wassenaar Agreement

Answer 1

Export Restriction

No exporting strong encryption or bombs

Question 2

ARO

Answer 2

Annual Rate Of Occurrence

How often the threat is expected

Question 3

EF

Answer 3

Exposure Factor

the % of loss that is expected from an risk event

Question 4

Asset Value X Exposure Factor = ?

Answer 4

SLE

Question 5

GLBA

Answer 5

Gramm -Leach - Bailey Act

Covers Financial institutions

Question 6

HIPAA

Answer 6

Health Insurance Portability and Accountability Act

Question 7

Typosquatting

Answer 7

URL Hijacking

Question 8

Cybersquatting

Answer 8

domain squatting

Question 9

STRIDE

Answer 9

Is a Threat categorization scheme from Microsoft

spoofing
tampering
repudiation
info disclosure
DOS attack
Elevation of privilege

Question 10

The First step of a BCP should perform?

Answer 10

(BOA) Business Organization Analysis

Question 11

SOX

Answer 11

Sarbanes - Oxlet Act of 2002

Publicly traded companies have regulation on financial reports

Question 12

Software code is a threat to what CIA

Answer 12

Availability

Question 13

Code injection is a threat to what CIA

Answer 13

Integrity

Question 14

Keylogger is a threat to what CIA

Answer 14

Confidentiality

Question 15

4 CIA Confidentiality threats

Answer 15

1. Attacks on Encryption
2. Social Engineering
3. Key Logger
4. IOT internet of Things

Question 16

MOA /MOU

Answer 16

Memorandums of Agreement / understanding for Essential personnel

Question 17

IAAA

Answer 17

A frame work
Identification
Authentication
Authorization
Accountability

Question 18

IPS / IDS ensure what of CIA

Answer 18

Availability

Question 19

Patch management ensure what of CIA

Answer 19

Availability

Question 20

Entrapment is a ?

Answer 20

Solid legal defense strategy

Question 21

ISO 27799 standard is focused around?

Answer 21

Protecting PHI

Question 22

Exigent circumstance is?

Answer 22

Immediate threat to Human life or evidence destruction.

Only applies to law enforcement or “ under the color of law”

Question 23

IT logs and Documents are what type of Evidence?

Answer 23

Secondary Evidence

Question 24

When you see something, what type of evidence?

Answer 24

Direct Evidence

Question 25

Counterfeiting is ?

Answer 25

an attack on trademarks

Question 26

Allows search and seizure without immediate disclosure

Answer 26

Patriot Act of 2001

Question 27

The Control Framework that is focused on IT service management

Answer 27

ITIL

Question 28

"The Majority of the proof" relate to what law?

Answer 28

Civil Law

Question 29

To much integrity what will suffer?

Answer 29

Availability

Question 30

Tangible and physical objects are what type of evidence

Answer 30

Real evidence Hard drives, usb sticks but not the data on them.

Question 31

To much confidentiality what will suffer?

Answer 31

Availability

Question 32

Honeypots and honeynets need to be appoved by who?

Answer 32

Senior management and legal department

Question 33

To much Availability what will suffer?

Answer 33

confidentiality and integrity

Question 34

Password hashing with salting is what part of the CIA?

Answer 34

Integrity

Question 35

The 3 Rules of HIPAA

Answer 35

1. privacy Rule 2. security Rules 3. Breach notification Rules