GBA 6780 - Chapter 8 Quiz


T/F: A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

False

T/F: Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

False

T/F: With adequate security controls and defenses, an organization can often reduce its risk to zero.

False

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?
- Threat
- Vulnerability
- Risk
- Impact

Vulnerability

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?
- Clustering
- Warm site
- Load balancing
- Redundant Array of Inexpensive Disks (RAID)

Warm site

T/F: While running business operations at an alternate site, you must continue to make backups of data and systems.

True

T/F: The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

True

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facilities, which have a $10 million value. Given this scenario, what is the exposure factor?
- 1 percent
- 10 percent
- 20 percent
- 50 percent

20 percent

What is a key principle of risk management programs?
- Security controls should be protected through the obscurity of their mechanisms
- Don't spend more to protect an asset than it is worth
- Apply controls in ascending order of risk
- Risk avoidance is superior to risk mitigation

Don't spend more to protect an asset than it is worth

Which recovery site option provides readiness in minutes to hours?
- Warm site
- Cold site
- Multiple sites
- Hot site

Hot site

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?
- Video surveillance
- Motion detectors
- Mantraps
- Biometrics

Mantraps

What term describes the longest period of time that a business can survive without a particular critical system?
- Maximum tolerable downtime (MTD)
- Recovery time objective (RTO)
- Recovery point objective (RPO)
- Emergency operations center (EOC)

Maximum tolerable downtime (MTD)

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
- Detective
- Preventive
- Corrective
- Deterrent

Preventive

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?
- Quantitative
- Financial
- Qualitative
- Objective

Qualitative

Which data source comes first in the order of volatility when conducting a forensic investigation?
- Logs
- Data files on disk
- Swap and paging files
- RAM

RAM

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?
- Reduce
- Transfer
- Accept
- Avoid

Reduce

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
- Total risk
- Business risk
- Transparent risk
- Residual risk

Residual risk

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?
- Supervisory Control and Data Acquisition (SCADA)
- Embedded
- Mobile
- Mainframe

Supervisory Control and Data Acquisition (SCADA)

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.
- incident
- event
- disaster
- emergency

disaster

T/F: A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

False
