CompTIA Security+ Chp 15
Match the term to the description: Risk transfer
Get insurance policy
Which of the following represents how you can calculate the ALE?
The ALE = SLE * ARO. The annual loss expectancy is equal to the single loss expectancy multiplied by the annual rate of occurrence.
A small company has identified that having the company server in the closet of a facility and not having it in a locked room presents a risk. They decide to do nothing to correct the threat. How have they handled the risk?
Accepting the risk is knowing the risk exists and doing nothing about it
After identifying that a buffer overflow threat against your web server exists, you implement a firewall to control communication to the web server. How have you handled the risk?
Because you have implemented a security control, you have mitigated the risk
Match the term to the description: Mitigate the risk
Implement security control to protect the asset
Match the term to the description: Risk with cloud computing
Privacy concerns
Match the term to the description: ALE
SLE * ARO
You have been asked by the manager to help with some risk analysis within the company. What is the first step to performing a risk assessment?
The first step is to identify the assets
Match the term to the description: SLE
Value ($) * EF (%)
Looking at a threat against one of your assets, you have decided to get an insurance policy that covers the risk. How have you handled the risk?
You have transferred the risk by getting an insurance policy, making the risk the insurance company's problem
Which of the following is an example of an intangible impact of a threat?
An intangible impact is a result of a threat that is not always visible -- for example, the effect on the company's reputation
Your manager has been reading about risk analysis and asks you what the benefit of qualitative analysis is. How would you respond?
Qualitative risk analysis has the benefit that it is easier and quicker to perform than quantitative because you do not need to determine the actual value of the asset and percentages such as the exposure factor. These values can sometimes be difficult to pinpoint.
Which type of risk analysis involves calculating the actual dollars lost due to a threat occurring?
Quantitative risk analysis involves calculating dollar amounts lost due to a threat occurring.
Which of the following best describes risk analysis?
Risk analysis doesn't just involve identifying the threat or the weakness in a solution, but also involves identifying the mitigation strategy that should be used.
Your company has a piece of machinery that is used to produce the main product your company sells. It has been decided that the machinery has a face value of 320,000. If a part fails, your company will lose 18% of the asset value with each failure. You expect the failure to occur once every four years. What is the annual loss expectancy of the threat?
To calculate the ALE, you must first calculate the SLE, which is the value of the asset multiplied by the impact (known as the exposure factor). In this case, it is 320,000 * 0.18 = 57,600 (the SLE). You then take the SLE and multiply it by the annual rate of occurrence (in this case, 1/4), which gives you ALE = 57,600 * 0.25 = 14,400.