fund of cyb - chapt. 8

Ace your homework & exams now with Quizwiz!

true

While running business operations at an alternate site, you must continue to make backups of data and systems.

true

A personnel safety plan should include an escape plan.

false

A business impact analysis (BIA) details the steps to recover from a disruption and restore the infrastructure necessary for normal business operations.

true

Organizations should seek a balance between the utility and cost of various risk management options.

false

Risk refers to the amount of harm a threat exploiting a vulnerability can cause.

true

A control limits or constrains behavior.

false

Deterrent controls identify that a threat has landed in your system.

false

With adequate security controls and defenses, an organization can oftenreduce its risk to zero.

true

Administrative controls develop and ensure compliance with policy and procedures.

true

Fencing and mantraps are examples of physical controls.

true

Implementing and monitoring risk responses are part of the risk management process.

corrective

Forensics and incident response are examples of __________ controls.

false

A structured walk-through test is a review of a business continuity plan to ensure that contact numbers are current and that the plan reflects the company's priorities and structure.

true

A successful business impact analysis (BIA) maps the context, the critical business functions, and the processes on which they rely.

vulnerability

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Adam discovered?

incident

Adam's company recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?

reduce

Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?

preventive

Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?

Don't spend more to protect an asset than it is worth.

What is a key principle of risk management programs?

warm site

Which control is NOT an example of a fault tolerance technique designed to avoid interruptions that would cause downtime?

hot site

Which recovery site option provides readiness in minutes to hours?

disaster

A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.

true

Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).

Qualitative

Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?

true

In an incremental backup, you start with a full backup when network traffic is light. Then, each night, you back up only that day's changes.

true

In remote journaling, a system writes a log of online transactions to an offsite location.

false

Jake has been asked to help test the business continuity plan at an offsite location while the system at the main location is shut down. He is participating in a parallel test.

Supervisory Control and Data Acquisition (SCADA)

Joe is responsible for the security of the industrial control systems for a power plant. What type of environment does Joe administer?

$20,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the annualized loss expectancy (ALE)?

20%

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the exposure factor?

$2,000,000

Kim is the risk manager for a large organization. She is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a 1 percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $2 million in damage to the facility, which has a $10 million value. Given this scenario, what is the single loss expectancy (SLE)?

2

Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?

Maximum tolerable downtime (MTD)

What term describes the longest period of time that a business can survive without a particular critical system?

residual risk

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

RAM

Which data source comes first in the order of volatility when conducting a forensic investigation?

true

Examples of major disruptions include extreme weather, application failure, and criminal activity.

transfer

Purchasing an insurance policy is an example of the ____________ risk management strategy.

mantraps

Brian needs to design a control that prevents piggybacking, only allowing one person to enter a facility at a time. What type of control would best meet this need?

false

The first step in the risk management process is to monitor and control deployed countermeasures.

true

The recovery point objective (RPO) can come from the business impact analysis or sometimes from a government mandate, such as banking laws.


Related study sets

Cognitive-Behavioral Family Therapy

View Set

Unit 5 Review: Industrialization & Global integration 1750-1900

View Set

The cte shop study set unit 15 & 16

View Set

oxygenation Exemplar 15.F Sudden Infant Death Syndrome

View Set

Dispensing In The Community Pharmacy (Ch. 7)

View Set

Chapter 21: Revolutions and Nation Building, 1848-1871

View Set

Virtual Machines and Networks in the Cloud

View Set

Series 6: Variable Products (Variable Life Insurance Taxation)

View Set

Clinical Skills II: Female Reproductive (NSFW - Pictures Included)

View Set

Art History Sem 2 Midterm study guide

View Set

Job-Order Costing (Problem Solving 3)

View Set