Risk Management Flashcards Preview

CompTIA Sec+ SY0-501 > Risk Management > Flashcards

Flashcards in Risk Management Deck (50)
1

Risks are the combination of a ______ and a corresponding _______.

- Threat
- Vulnerability

2

What two formulas do quantitative risk assessments use?

Single Loss Expectancy (SLE) = Asset Value x Exposure Factor
OR
Annualized Loss Expectancy (ALE) = Annualized Rate of Occurrence x SLE

3

What are the four possible responses to a risk, and how is each one implemented?

- AVOID risks by changing business practices.
- MITIGATE risks by implementing controls.
- ACCEPT risks and continue operations.
- TRANSFER risks through insurance or contract.

4

What are the 8 major categories of security controls?

- Deterrent Control
- Preventive Control
- Detective Control
- Corrective Control
- Compensating Control
- Technical Control
- Administrative Control
- Physical Control

5

This Major Security Control...

Discourages an adversary from attempting a violation of security.

Deterrent Control

6

This Major Security Control...

Stops an adversary from violating security.

Preventive Control

7

This Major Security Control...

Identifies potential violations of security.

Detective Control

8

This Major Security Control...

Restores the original state after a violation of security.

Corrective Control

9

This Major Security Control...

Fills the gap left when it is not possible to implement a required control.

Compensating Control

10

This Major Security Control...

Uses technological means to meet a security objective.

Technical Control

11

This Major Security Control...

Uses policy, process, or procedure to meet a security objective.

Administrative Control

12

This Major Security Control...

Uses physical constraints to meet a security objective.

Physical Control

13

Personnel security principles include what?

- Need To Know
- Least Privilege
- Separation of Duties
- Two-Person Control
- Mandatory Vacations / Job Rotation

14

This personnel security principle...

Requires a legitimate business need to access information.

Need To Know

15

This personnel security principle...

Grants individuals the minimum necessary permissions to perform their jobs.

Least Privilege

16

This personnel security principle...

Blocks someone from having two sensitive privileges in combination.

Separation of Duties

17

This personnel security principle...

Requires two people to perform a sensitive activity.

Two-Person Control

18

This personnel security principle...

Seeks to prevent fraudulent activity by uncovering malfeasance.

Mandatory Vacations / Job Rotation

19

Business continuity planning conducts a business ______ ______ and then implements controls designed to keep the business running during adverse circumstances.

impact assessment

20

Backups provide an important disaster recovery control (T/F)?

True!

21

What are the three major categories of backup?

- Full Backup
- Differential Backup
- Incremental Backup

22

This type of backup...

Copies all files on a system.

Full Backup

23

This type of backup...

Copies all files on a system that have changed since the most recent full backup.

Differential Backup

24

This type of backup...

Copies all files on a system that have changed since the most recent full or incremental backup.

Incremental Backup

25

Disaster recovery sites fit into ____ major categories.

three

26

What are the three major Disaster Recovery Site categories?

- Cold Site
- Warm Site
- Hot Site

27

This Disaster Recovery Site...

- Has support systems
- No configured servers
- No real-time data

Cold Site

28

This Disaster Recovery Site...

- Has support systems
- Has configured servers
- No real-time data

Warm Site

29

This Disaster Recovery Site...

- Has support systems
- Has configured servers
- Has real-time data

Hot Site

30

Disaster recovery plans require testing (T/F)?

True!