CH 8. QUIZ

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

What is a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

Which recovery site option provides readiness in minutes to hours?

Hot site

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Preventive

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

disaster

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer