SEARCH
🇬🇧
MEM
O
RY
.COM
4.37.48
Guest
Log In
Â
Homepage
0
0
0
0
0
Create Course
Courses
Last Played
Dashboard
Notifications
Classrooms
Folders
Exams
Custom Exams
Help
Leaderboard
Shop
Awards
Forum
Friends
Subjects
Dark mode
User ID: 999999
Version: 4.37.48
www.memory.com
You are in browse mode. You must login to use
MEM
O
RY
  Log in to start
Index
 »Â
Security +
 »Â
Chapter 1
 »Â
Ch. 1:Risk & Assessment
level: Ch. 1:Risk & Assessment
Questions and Answers List
level questions: Ch. 1:Risk & Assessment
Question
Answer
1. Environmental 2. Manmade 3. Internal vs. External
Three primary categories of threats
graphical tool that is used to identify threats; initially a scatterplot of possible problem areas
risk register
1. annual loss expectancy 2. single loss expectancy 3. annualized rate of occurrence
3 terms used to determine the impact of an event (for the purpose of risk assessment)
SLE x ARO = ALE
formula for computing risk assessment
used to look at vendors your organization works with strategically and the potential risks the introduce.
supply chain assessment
the way in which an attacker poses a threat
threat vector
phishing or rough access point (unsecured hotspot)
examples of threat vectors
MTBF is the avg time to failure for a NONREPAIRABLE system. If the system can be repaired, the MTBF is measurement to focus on, but if it cannot, then MTTF is the # to examine.
Difference between Mean Time Between Failures(MTBF) and Mean Time to Failure(MTTF)
Identifies the adverse impacts that can be associated with the destruction, corruption, or loss of accountability of data for the organization. *Often associated with the business impact analysis.
privacy impact assessment
1. ensure conformance with applicable legal, regulatory, and policy 2. determine risks and effects 3. evaluate protections and alt processes to mitigate potential privacy risks
According to the Dept. of Homeland Security, the privacy impact assessment (PIA) need 3 things....
1. penetration testing 2. vulnerability testing
2 test that can help identify risk
1. avoidance 2. transference 3. mitigation 4. acceptance
5 responses to risk
mitigation, audits
CompTIA is fond of risk __________ and confronting it through the use of routine _____ that address user rights and permission; change management.
DLP systems monitor the contents of systems to make sure that key content is not deleted or removed.
Data loss prevention (DLP)
yes
Can risk strategies such as risk mitigation, risk transference, and risk avoidance be combined?
hosting services and data on the internet instead of hosting it locally. "the cloud"
cloud computing
1. Platform as a Service 2. Software as a Service 3. Infrastructure as a Service
3 different ways to implement cloud computing
Vendors allow apps to be created and run on their infrastructure. Ex: Amazon Web Service.
Platform as a Service (PaaS)
utilizes virtualization, and clients pay a cloud service provider for resources used.
infrastructure as a service (IaaS)
apps are remotely run over the web. No local hardware is required.
Software as a Services
utilizes virtualization, and clients pay a cloud service provider for resources used.
Infrastructure as a Service
