Security+ CH22 Questions
Which of the following is the name often used to describe the process of addressing the questions associated with sources of risk, the impacts and the steps taken to mitigate them in the enterprise? A. Risk assessment B. Business impact analysis C. Threat assessment D. Penetration test
B. Business impact analysis
Which type of security control is used post event, in an effort to minimize the extent of damage? A. Deterrent B. Corrective C. Preventative D. Detective
B. Corrective
Which of the following is a system component whose failure or malfunctioning could result in the failure of the entire system? A. Mean time between failures B. Single point of failure C. Single loss expectancy D. Likelihood of occurrence
B. Single point of failure
Which of the following is the best description of risk? A. The cost associated with a realized risk B. The chance of something not working as planned C. Damage that is the result of unmitigated risk D. The level of concern one places for the well-being of people
B. The chance of something not working as planned
Which of the following is a representation of the frequency of an event, measured in a standard year? A. Annual Loss Expectancy (ALE) B. Annualized Rate of Occurrence (ARO) C. Single Loss Expectancy (SLE) D. Annualized Expectancy of Occurrence (AEO)
B. Annualized Rate of Occurrence (ARO)
Which of the following describes mission-essential functions? (Choose all that apply.) A. Functions that if they do not occur, the mission of the organization would be directly affected. B. Functions that if they are not accomplished properly would directly affect the mission of the organization. C. Functions that are considered essential to the organization. D. The routine business functions.
A. Functions that if they do not occur, the mission of the organization would be directly affected. B. Functions that if they are not accomplished properly would directly affect the mission of the organization. C. Functions that are considered essential to the organization.
Which of the following is a common measure of how long it takes to fix a given failure? A. MTTR B. RTO C. RPO D. MTBF
A. MTTR
A mantrap is an example of which security control? (Choose all that apply.) A. Physical B. Corrective C. Administrative D. Preventative
A. Physical D. Preventative
Which of the following is an analysis of whether PII is collected and maintained by a system? A. Privacy threshold assessment B. Privacy impact assessment C. Risk assessment D. Threat assessment
A. Privacy threshold assessment
Which security control is a policy or procedure used to limit physical security risk? A. Physical B. Technical C. Administrative D. Corrective
C. Administrative
Which of the following impacts is in many ways the final arbiter of all activities, for it is how we "keep score"? A. Reputation B. Safety C. Finance D. Life
C. Finance
Which of the following is the process of subjectively determining the impact of an event that affects a project, program, or business? A. Likelihood of occurrence B. Supply chain assessment C. Qualitative risk assessment D. Quantitative risk assessment
C. Qualitative risk assessment
Which of the following terms is used to describe the target time that is set for a resumption of operations after an incident? A. RPO B. MTBF C. RTO D. MTTR
C. RTO
Which of the following has its roots in system engineering, where it is commonly referred to as configuration management? A. Configuration control B. Security control C. Administrative control D. Change management
D. Change management
Which type of security control is used to meet a requirement when the requirement cannot be directly met? A. Preventative B. Physical C. Deterrent D. Compensating
D. Compensating
