Sec+ Chp 1

Card Set Information

Author:
qaustin92
ID:
258556
Filename:
Sec+ Chp 1
Updated:
2014-01-26 23:35:22
Tags:
security plus
Folders:
certs
Description:
Sec+

The flashcards below were created by user qaustin92 on FreezingBlue Flashcards.


  1. You are using encryption technology in an attempt to protect a file containing customer credit card numbers from unauthorized access. What information security goal are you pursuing?


    A. Confidentiality

    B. Integrity

    C. Disclosure

    D. Availability
    A. Correct: Confidentiality controls protect information against unauthorized access. Preventing intruders from accessing the credit card file is an example of a confidentiality control.
  2. You are performing a risk assessment of an organization and decide that the likelihood of a particular risk materializing is “low.” What type of risk assessment are you performing?

    A. Operational

    B. Quantitative

    C. Technical

    D. Qualitative
    D. Correct: Qualitative risk assessments use subjective categories, such as “low,” “moderate,” and “high,” to describe the likelihood and impact of risks.
  3. You are conducting a quantitative risk assessment for an organization to identify the risk of a fire in a data center. The data center is valued at $10 million and you expect a fire to occur once every 50 years that will damage three-quarters of the data center (including equipment). What is your exposure factor?
    A. 75 percent
    B. 50 percent
    C. 25 percent
    D. 10 percent
    A. Correct: The exposure factor is the proportion of the asset that will be damaged in the event of a fire. In this case, that is 75 percent.
    (this multiple choice question has been scrambled)
  4. You are conducting a quantitative risk assessment for an organization to identify the risk of a fire in a data center. The data center is valued at $10 million and you expect a fire to occur once every 50 years that will damage three-quarters of the data center (including equipment). What is your annualized loss expectancy?

    A. 75 percent
    B. $7.5 million
    C. 0.02
    D. $150,000
    D. Correct: The annualized loss expectancy is calculated as the product of the single loss expectancy and the annualized rate of occurrence. The SLE is the asset value ($10 million) multiplied by the exposure factor (75 percent), or $7.5 million. The ARO is once every 50 years, or 0.02. The ALE is, therefore, $7,500,000 × 0.02 or $150,000.
    (this multiple choice question has been scrambled)
  5. You are evaluating methods to manage the risk posed to your organization by hackers and decide that you will pursue a strategy of aggressively prosecuting anyone who attempts to break into your systems. What risk management strategy are you implementing?
    A. Risk acceptance
    B. Risk deterrence
    C. Risk mitigation
    D. Risk transference
    B. Correct: Prosecuting attackers reduces the likelihood that others will try to attack you and is an example of risk deterrence.
    (this multiple choice question has been scrambled)
  6. You are conducting a lessons-learned session to identify gaps in your response to an information security incident. What phase in the incident response life cycle are you participating in?
    A. Preparation
    B. Detection and analysis
    C. Containment, eradication, and recovery
    D. Post-incident activity
    D. Correct: Conducting a lessons-learned session to identify potential improvements in the incident response process is an important part of the post-incident activity phase.
    (this multiple choice question has been scrambled)
