CYSE 300 Module 8 Quiz

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

qualitative

Which data source comes first in the order of volatility when conducting a forensic investigation?

RAM

A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.

true

Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).

true

Implementing and monitoring risk responses are part of the risk management process.

true

In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

true

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.

true

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

vulnerability

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

$20,000

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

incident

Forensics and incident response are examples of __________ controls.

corrective

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

false

Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test.

false

With adequate security controls and defenses, an organization can often reduce its risk to zero.

false

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

mantraps

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

preventive

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

residual risk

Purchasing an insurance policy is an example of the ____________ risk management strategy.

transfer

A control limits or constrains behavior.

true

