ITC 660 Quiz 8 - Risk, Response and Recovery

अब Quizwiz के साथ अपने होमवर्क और परीक्षाओं को एस करें!

What a key principle of risk management programs?

Don't spend more to protect an asset than it is worth.

Which recovery site option provides readiness in minutes to hours?

Hot site

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

Incident

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

Mantraps

What term describes the longest period of time that a business can survive without a particular critical system?

Maximum tolerable downtime (MTD)

Violet deploys an IPS on her network as a security control. What type of control has Violet deployed?

Preventive

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

Qualitative

Which data source comes first in the order of volatility when conducting a forensic investigation?

RAM

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

Reduce

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Residual risk

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

SCADA

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

Vulnerability

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

Warm site

Forensics and incident response are examples of __________ controls.

corrective

A(n) _________ is an event that prevents a CBF from operating for a period greater than the maximum tolerable downtime.

disaster

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the SLE?

$2,000,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the ALE?

$20,000

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

2

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor?

20 percent


संबंधित स्टडी सेट्स

Philosophy 1145: Chapter 4 Strong Arguments

View Set

Chapter 15 Business Law, business law test bank 15, BLaw Exam 2 12-16, Offers and Counteroffers, BLAW quiz 4, Exam 2 Terms, Bus Law - Chap 13., Exam 2

View Set