Security and Risk Management Flashcards (CISSP Exam 2018)

Flashcards in Security and Risk Management Deck (36)
1

Information security objectives are to provide:

A) Accountability, Confidentiality and Integrity
B) Confidentiality, Audit and Availability
C) Availability, Confidentiality and Integrity
D) None of the above

C) Availability, Confidentiality and Integrity

2

A(n) _____ is a weakness in a system which allows a threat source to compromise its security.

A) Vulnerability
B) Risk
C) Exploit
D) None of the above

A) Vulnerability

3

A ______ is the possibility that someone or something could exploit a vulnerability, accidentally or intentionally, causing harm to an asset.

A) Risk
B) Threat
C) Vulnerability
D) Exploit

B) Threat

4

A _____ is the probability of a threat agent exploiting a vulnerability and the potential for loss from that exploit.

A) Loss Expectancy
B) Risk
C) Likelihood
D) Residual Risk

B) Risk

5

What mitigates a risk?

i. Countermeasure
ii. Avoidance
iii. Control
iv. Safeguard

A) i
B) ii and iii
C) i, iii, iv
D) All of the above

C) i, iii, iv

'Countermeasure', 'control' and 'safeguard' may be used interchangeably for the same mitigation of risk.

'Avoidance' and 'mitigation' of risk are two different options for addressing risk; 'avoidance' does not itself 'mitigate' risk.

6

A control can be characterized by one of the following:

A) Avoidance, acceptance, or transference
B) Administrative, technical, or empirical
C) Logical, mitigation or remediation
D) Administrative, technical, or physical

D) Administrative, technical, or physical

7

A ____ control is put into place for financial or business function reasons.

A) Administrative
B) Acceptance
C) Compensating
D) None of the above

C) Compensating

8

One framework for IT governance and control objectives is:

A) Six Sigma
B) NIST
C) SANS
D) COBIT

D) COBIT

9

The standard for the establishment, implementation, control and improvement of the information security management system is:

A) ISO 27005
B) ISO 27004
C) ISO 27001
D) OCTAVE

C) ISO 27001

10

What is used to develop architectures for specific stakeholders and to present information in 'views'?

A) Constrained user interfaces
B) The KANBAN methodology
C) NIST 800-53
D) Enterprise architecture frameworks

D) Enterprise architecture frameworks

11

A coherent set of policies, processes and systems to manage risks is, according to ISO 27001, called:

A) Risk management lifecycle
B) SIEM
C) Information Security Management System (ISMS)
D) None of the above

C) Information Security Management System (ISMS)

12

Enterprise security architecture is a subset of:

A) Data architecture
B) Enterprise architecture
C) Business architecture
D) Classical architecture

C) Business architecture

13

A _____ is a functional definition for the integration of technology into business processes.

A) Roadmap
B) Blueprint
C) Procedure
D) None of the above

B) Blueprint

14

Enterprise architecture is used to build individual architectures that best map to:

A) Users
B) Business teams
C) Business drivers
D) All of the above

C) Business drivers

15

SABSA is a(n):

A) Capability Maturity Model
B) Security enterprise architecture framework
C) Enterprise architecture framework
D) Continuous improvement process

B) Security enterprise architecture framework

16

____ is a governance model used to help prevent fraud within a corporate setting.

A) PCI-DSS
B) COSO Internal Control-Integrated Framework
C) Sarbanes-Oxley
D) SANS

B) COSO Internal Control-Integrated Framework

17

____ is/are a set of best practices for service management.

A) ISO
B) NIST
C) ITIL
D) All of the above

C) ITIL

18

A framework used to identify process defects in order to remedy them is:

A) CMMI
B) SABSA
C) ITIL
D) Six Sigma

D) Six Sigma

19

____ is a maturity model which allows for processes to improve in an incremental and standard fashion.

A) SABSA
B) Six Sigma
C) CMMI
D) ITIL

C) CMMI

20

Security enterprise architecture should include:

i. Strategic alignment
ii. Control implementation
iii. Business enablement
iv. Business planning

A) i, iii
B) i, iv
C) ii, iii
D) i, ii, iii

C) ii, iii

21

NIST 800-53 identifies which of the following control categories:

i. Procedural
ii. Business
iii. Technical
iv. Operational
v. Management

A) i, iii, iv
B) ii, iii, iv
C) iii, iv, v
D) ii, iii, iv

C) iii, iv, v

22

The civil law system:

A) Is based on pre-written rules
B) Is based on precedent
C) Is different from tort law
D) Both A and C

D) Both A and C

23

The common law system is made up of:

A) Criminal laws
B) Civil laws
C) Administrative laws
D) All of the above

D) All of the above

24

A customary law system:

A) Addresses primarily personal conduct
B) Uses local/regional customs and traditions as its foundation
C) Is usually mixed with another type of legal system
D) All of the above

D) All of the above

25

A religious law system:

A) Derives its laws from religious belief and addresses individual religious responsibilities
B) Is based on common law
C) Is based on civil law
D) None of the above

A) Derives its laws from religious belief and addresses individual religious responsibilities

26

A mixed law system:

A) Uses only civil and common law
B) Uses only civil and customary law
C) Uses two or more legal systems
D) None of the above

C) Uses two or more legal systems

27

____ deals with individual conduct that violates government laws which protect the public.

A) Tort law
B) Criminal law
C) Common law
D) Civil law

B) Criminal law

28

____ deals with wrongs committed against an individual or companies which result in injuries or damages.

A) Tort law
B) Criminal law
C) Common law
D) Civil law

D) Civil law

29

What type of law deals with standards of performance or conduct for companies, industries and officials?

A) Civil law
B) Administrative law
C) Tort law
D) Statutes

B) Administrative law

30

What grants ownership rights and enables the owner to enforce those rights?

A) Copyright
B) Trademark
C) Patent
D) All of the above

C) Patent