Module 6 - IT Risk Assessment - Q&A Flashcards

1
Q
Which of the following is expressed as a potential percentage of loss of an asset?
A. Exposure factor
B. Asset value
C. Depreciation value
D. Single loss expectancy
A

A. The exposure factor is the potential percentage of loss of an asset.

2
Q

What does SLE stand for and how is it determined?

A

SLE (Single Loss Expectancy) = AV (Asset Value) × EF (Exposure Factor)

3
Q
Which elements of risk are the primary concern in a risk assessment? (Choose two.)
A. Threat
B. Likelihood
C. Vulnerability
D. Impact
A

B, D. Likelihood and impact are the risk elements of primary concern in a risk assessment.

4
Q
Which of the following terms describes the time period between potential major failures of a hardware component?
A. MTBF
B. MTTF
C. MTTR
D. Recovery point objective
A

A. The mean time between failures (MTBF) is a term that describes the time between potential component failures.

5
Q

What is ALE, and how is it determined?

A

ALE (Annualized Loss Expectancy) = SLE (Single Loss Expectancy) × ARO (Annualized Rate of Occurrence)

6
Q

Which of the following steps should come immediately after “determine the likelihood of occurrence” in the NIST SP 800-30 risk assessment process?
A. Determine risk.
B. Identify threat sources and events.
C. Identify vulnerabilities and predisposing conditions.
D. Determine the magnitude of impact.

A

D. “Determine the magnitude of impact” comes after the “determine the likelihood of occurrence” step in the NIST SP 800-30 risk assessment process.

7
Q
Which of the following factors are used to compute single loss expectancy (SLE)? (Choose two.)
A. ARO
B. EF
C. AV
D. ALE
A

B, C. Exposure factor (EF) and asset value (AV) are used to compute single loss expectancy (SLE).

SLE = AV × EF

8
Q

What is ARO, and how is it determined?

A

ARO (Annualized Rate of Occurrence) is how many times per year you would expect a particular negative event to occur, resulting in a loss of the asset. It is determined using historical data, research on industry norms, and even educated guesses based on the best data available.

9
Q

Which of the following would be considered descriptive values in a qualitative risk assessment?
A. High, medium, and low
B. SLE = AV × EF
C. ALE = SLE × ARO
D. Cost = $10,000, Exposure Factor = .60

A

A. Values of high, medium, and low would be considered descriptive values in a qualitative risk assessment.

10
Q
Which of the following risk assessment methods would use concrete values of cost and statistical data?
A. Qualitative
B. Quantitative
C. Threat assessment
D. Vulnerability assessment
A

B. Quantitative risk assessment methods would use concrete values of cost and statistical data.

11
Q

Given that an asset costs $20,000 to replace, and the cost of the controls the company must implement to protect the asset totals $5000, which of the following would be the best approach to risk response?
A. Do not spend the money on the mitigating control and accept the risk.
B. Implement the controls in a risk mitigation response strategy.
C. Avoid the risk by not using the asset.
D. Insure the asset for its depreciated value of $10,000.

A

B. Given that the cost of implementing controls to protect the asset is far less than the replacement value of the asset, the best approach would be to implement the required controls in a risk mitigation response strategy. This is not the best scenario for risk acceptance, simply because the risk does not go away and it will cost the company the replacement value of the asset in the future. Obviously, avoiding the risk and not using the asset is not an option, since the asset is of some value to the company and is required for its business. Insuring the asset for less than its replacement value will still cost the company money in the end; in this scenario it would be twice the cost required for implementing controls to mitigate the risk.

12
Q
Which of the following are used to compute annualized loss expectancy (ALE)? (Choose two.)
A. AV
B. EF
C. ARO
D. SLE
A

C, D. Annualized rate of occurrence (ARO) and single loss expectancy (SLE) are the factors used to compute annualized loss expectancy (ALE).

ALE = SLE × ARO

13
Q
Which of the following would be considered an internal risk factor?
A. Economy
B. Legal governance
C. Organizational structure
D. Market
A

C. Organizational structure would be considered an internal risk factor, since the organization has direct control over it.
