Risk Flashcards Preview

CompTIA Security+ SY0-501 > Risk > Flashcards

Flashcards in Risk Deck (19)
1

What is Risk?

Possibility of a threat exploiting a vulnerability

2

What is a technical control?

Technology security, e.g. 802.11i

3

What is a management control?

Risk/vulnerability assessment
Written security policy
Mandatory vacation

4

What is an operational control?

Change management/procedure
Ensure day-to-day operations comply with security policy

5

What is a false positive?

IPS/IDS recognises malicious traffic when there isn't any

6

What is a false negative?

IPS/IDS fails to recognise malicious traffic

7

What is mandatory vacation?

Can reduce collusion and fraud of employees

8

How is separation of duties more secure?

Developer creates application
Team implements software (i.e. possible backdoor in software for dev)

9

What is SLE?

Single loss expectancy

10

What is ARO?

Annualised Rate of Occurrence
e.g. one failure every 5 years: 1/5 = 0.2 ARO

11

What is ALE?

Annualised Loss Expectancy
ALE = SLE * ARO

12

What is a software escrow?

Source code of application available via provider company in event application is no longer supported

13

What is MTTR?

Mean Time to Restore

14

What is MTTF?

Mean Time to Failure
regarding non-repairable systems

15

What is MTBF?

Mean Time Between Failure

16

What entails risk acceptance?

Not paying for a countermeasure because the loss is less expensive

17

What is risk transference?

Insurance from a 3rd party contractor for equipment servicing and replacement

18

What is RTO?

Recovery Time Objective

19

What is RPO?

Recovery Point Objective
retention period for restoration