Chapters 19-20
(p.703) Which statistical term is a representation of the frequency of the event, measured in a standard year?
D. ARO
(p. 678) Which RAID configuration, known as block-striped with error check, is a commonly used method that stripes the data at the block level and spreads the parity data across the drives?
D. RAID 5
(p. 696) What is the first step in the general risk management model?
A. Asset identification
(p. 689) Which action is an example of transferring risk?
A. Management purchases insurance for the occurrence of the risk.
(p. 686) Which term refers to the possibility of suffering harm or loss?
A. Risk
(p. 703) If you have a farm of five web servers and two of them break, what is the exposure factor (EF)?
C. 40 percent
(p. 697) Which event is an example of a tangible impact?
C. Endangerment of staff or customers
(p. 676) Which term refers to refers to the predicted average time that will elapse before failure (or between failures) of a system?
C. Mean time to failure
(p. 678) Which RAID configuration, known as byte-striped with error check, spreads the data across multiple disks at the byte level with one disk dedicated to parity bits?
C. RAID 3
(p. 698) Which term refers to a risk that remains after implementing controls?
C. Residual risk
(p. 695) Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
D. Change management
(p. 662) Which backup requires a small amount of space and is considered to have a complex restoration process?
D. Delta
(p. 657) Which plan defines the data and resources necessary and the steps required to restore critical organizational processes?
D. Disaster recovery plan (DRP)
(p. 662) Which backup technique requires a large amount of space and is considered to have a simple restoration process?
D. Full
(p. 669) substitutions in the event that the primary person is not available to fulfill their assigned duties?
B. Succession planning
(p. 713) Which term refers to the path or tool used by an attacker to attack a target?
B. Threat vector
(p. 661) Which strategy has the goal of defining the requirements for business continuity?
B. Recovery time objective (RTO)
(p. 704) Which calculated value determines the threshold for evaluating the cost/benefit ratio of a given countermeasure?
B. ALE
(p 712) Which management tool is used for identifying relationships between a risk and the factors that can cause it?
B. Cause and effect analysis
(p. 675) Which term refers to the ability to distribute the processing load over two or more systems?
B. Load balancing
(p. 672) Which item should be available for short-term interruptions, such as what might occur as the result of an electrical storm?
B. Uninterruptible power supply (UPS)
(p. 671) Which alternative site is designed to be operational within a few days?
B. Warm site
(p. 671) Which alternative site is partially configured, usually having peripherals and software, but perhaps not the more expensive main processing components?
B. Warm site
(P. 690) A control classified as preventative has to be known by a person in order to be effective.
False
(P. 697) For an intangible impact, assigning a financial value of the impact is easy.
False
(P. 698) All risks need to be mitigated or controlled.
False
(Pg 661) Backups can prevent a security event from occurring.
False
(Pg 663) The archive bit is cleared in a differential backup.
False
(P. 705) The impact of an event is a measure of the actual loss when a threat exploits a vulnerability.
True
(P. 705) Usually risk management includes both qualitative and quantitative elements.
True
(Pg 668) A major focus of the disaster recovery plan (DRP) is the protection of human life.
True
(Pg 672) The interruption of power is a common issue during a disaster.
True
(Pg 678) RAID increases reliability through the use of redundancy.
True
