Security + - Details
125 questions
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and internet access. | Acceptable use policy/rules of behavior |
A calculation used to identify risks and calculate the expected loss each year. | Annual loss expectancy (ALE) |
A calculation of how often a threat will occur. | Annualized rate of occurrence (ARO) |
The assessed value of an item (server, property, and so on) associated with cash flow. | Asset value (AV) |
A study of the possible impact if disruption to a business's vital resources were to occur. | Business impact analysis (BIA) |
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses. | Business partners agreement |
The potential percentage of loss to an asset if a threat is realized. | Exposure factor (EF) |
The maximum period of time that a business process can be down before the survival of the organization is at risk. | Maximum tolerable downtime (MTD) |
The measurement of the anticipated lifetime of a system or component. | Mean time between failures (MTBF) |
The measurement of the average time it takes a system or component to fail. | Mean time to failure (MTTF) |
The measurement of how long it takes to repair a system or component once a failure occurs. | Mean time to restore (MTTR) |
(The term MOU is used most often.) A document between 2 or more parties defining their responsibilities in accomplishing a particular goal or mission. | Memorandum of understanding (MOU)/memorandum of agreement (MOA) |
The maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable. | Recovery time objective (RTO) |
A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist. | Redundant array of independent disks (RAID) |
A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen. | Risk acceptance |
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk. | Risk avoidance |
The process of calculating the risks that exist in terms of cost, number, frequency, and so forth. | Risk calculation |
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk. | Risk mitigation |
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack. | Single loss expectancy (SLE) |
A single weakness that is capable of bringing an entire system down. | Single point of failure (SPOF) |
1. Environmental 2. Manmade 3. Internal vs. External | Three primary categories of threats |
Graphical tool that is used to identify threats; initially a scatterplot of possible problem areas | Risk register |
1. annual loss expectancy 2. single loss expectancy 3. annualized rate of occurrence | 3 terms used to determine the impact of an event (for the purpose of risk assessment) |
SLE x ARO = ALE | Formula for computing risk assessment |
Used to look at the vendors your organization works with strategically and the potential risks they introduce. | Supply chain assessment |
The way in which an attacker poses a threat | Threat vector |
Phishing or a rogue access point (unsecured hotspot) | Examples of threat vectors |
MTBF is the average time to failure for a NONREPAIRABLE system. If the system can be repaired, MTBF is the measurement to focus on, but if it cannot, then MTTF is the number to examine. | Difference between Mean Time Between Failures (MTBF) and Mean Time to Failure (MTTF) |
1. ensure conformance with applicable legal, regulatory, and policy requirements 2. determine risks and effects 3. evaluate protections and alternative processes to mitigate potential privacy risks | According to the Dept. of Homeland Security, a privacy impact assessment (PIA) needs 3 things.... |
1. penetration testing 2. vulnerability testing | 2 tests that can help identify risk |
1. avoidance 2. transference 3. mitigation 4. acceptance | 5 responses to risk |
Mitigation, audits | CompTIA is fond of risk __________ and confronting it through the use of routine _____ that address user rights and permissions; change management. |
DLP systems monitor the contents of systems to make sure that key content is not deleted or removed. | Data loss prevention (DLP) |
Yes | Can risk strategies such as risk mitigation, risk transference, and risk avoidance be combined? |
1. Platform as a Service 2. Software as a Service 3. Infrastructure as a Service | 3 different ways to implement cloud computing |
Vendors allow apps to be created and run on their infrastructure. Ex: Amazon Web Service. | Platform as a Service (PaaS) |
Utilizes virtualization, and clients pay a cloud service provider for resources used. | Infrastructure as a service (IaaS) |
Apps are remotely run over the web. No local hardware is required. | Software as a Service (SaaS) |
Outlines what the policy intends to accomplish and which docs, laws, and practices the policy addresses. | Scope Statement |
Provides the goal of the policy, why it is important, and how to comply with it. | Policy Overview Statement |
Provides information to the reader about who to contact if a problem is discovered. | Accountability Statement |
Specific guidance about the procedure or process that must be followed in order to deviate from the policy. | Exception Statement |
Policies | Standards are derived from_______. |
Provides an overview and statement of the guideline's intent. | Scope and Purpose |
Provide the step-by-step instructions or procedures on how to accomplish a task in a specific manner. | Guideline Statements |
Specify and identify what duties are required and at what intervals. | Operational Considerations |
Serves as the baseline for business and covers what is expected on a regular basis. | Standard Operating Procedure (SOP) |
Requires employees to take time away from work to refresh. | Mandatory Vacation Policy |
Intervals at which employees must rotate through positions. | Job rotation policy |
Reduce the risk of fraud and prevent other losses in an organization. | Separation of Duties Policies |
An agreement between 2 or more parties established for the purpose of committing deception or fraud. | Collusion |
Describes how the employees in an organization can use company systems and resources, both software and hardware. | Acceptable Use Policy |
Defines what controls are required to implement and maintain the security of systems, users, and networks. | Security Policies |
Events that aren't really incidents. Type II errors: fail to notice a problem even though it is there. | False Positive |
You are not alerted to a situation when you should be alerted. Missed something crucial. | False Negatives |
The impact a loss would have on the organization. | What does the Business Impact Analysis focus on? |
Allows for distributing the load so that no device is overly burdened. | Distributive Allocation |
The measures, such as redundancy, failover, and mirroring, used to keep services and systems operational during an outage. | High Availability (HA) |
To continue to function in the absence of power for only a short duration. | Uninterruptible power supply (UPS) will allow.... |
A value based on the value of the data stored in each disk location. | Parity Information |
RAID Level 5 | Most common form of RAID? |
The de facto source for international standards | International Organization for Standardization (ISO) |
Guidance for cloud security | ISO 27017 |
Publishes standards for electrical power companies | North American Electric Reliability Corporation (NERC) |
Provides a broad overview of computer security. Primarily deals with areas of security controls | NIST Special Publication 800-12 |
Organizes security measures into families of controls, such as assessment, access control, incident response, and others. | NIST SP 800-53 |
Guide to industrial control system (ICS) security; specific to industrial control systems. | Special Publication 800-82, Rev. 2 |
Overview of information security | NIST 800-35 |
The security controls and objectives that companies that process credit cards should implement. Used by Visa, MasterCard, and Discover | Payment Card Industry Data Security Standard |
These are computers, network segments, and systems that have no highly sensitive info, and the breach of these systems would have minimal impact. | Low Security Zone |
These are standard workstations and servers, with typical business data and functionality. | General Work Zone |