Yurekli Final Chapter 8
True
Administrative controls develop and ensure compliance with policy and procedures.
Incident
Jian Yang's new company in China recently suffered an attack where hackers exploited an SQL injection issue on their web server and stole sensitive information from a database. What term describes this activity?
Preventive
Violet deploys an intrusion prevention system (IPS) on her network as a security control. What type of control has Violet deployed?
Maximum tolerable downtime (MTD)
What term describes the longest period of time that a business can survive without a particular critical system?
Hot Site
Which recovery site option provides readiness in minutes to hours?
False
With adequate security controls and defenses, an organization can often reduce its risk to zero.
Residual risk
What term describes the risk that exists after an organization has performed all planned countermeasures and controls?
True
Any component that, if it fails, could interrupt business processing is called a single point of failure (SPoF).
False
Deterrent controls identify that a threat has landed in your system.
disaster
A(n) _________ is an event that prevents a critical business function (CBF) from operating for a period greater than the maximum tolerable downtime.
Reduce
Alan is the security manager for a mid-sized business. The company has suffered several serious data losses when mobile devices were stolen. Alan decides to implement full disk encryption on all mobile devices. What risk response did Alan take?
Qualitative
Beth is conducting a risk assessment. She is trying to determine the impact a security incident will have on the reputation of her company. What type of risk assessment is best suited to this type of analysis?
corrective
Forensics and incident response are examples of __________ controls.
Vulnerability
Jian Yang is evaluating the security of a web server before it goes live. He believes that an issue in the code allows an SQL injection attack against the server. What term describes the issue that Jian Yang discovered?
$50,000
Monica is the risk manager for a large organization. She is evaluating whether the organization should purchase a lightning protection system. She consulted a variety of subject matter experts and determined that there is a 5 percent chance that a lightning will occur in a given year. If a lightning occurred, it would likely cause $1 million in damage to the facility, which has a $10 million value. Given this scenario, what is the Annualized Loss Expectancy (ALE)?
10 percent
Monica is the risk manager for a large organization. She is evaluating whether the organization should purchase a lightning protection system. She consulted a variety of subject matter experts and determined that there is a 5 percent chance that a lightning will occur in a given year. If a lightning occurred, it would likely cause $1 million in damage to the facility, which has a $10 million value. Given this scenario, what is the Exposure Factor?
$1,000,000
Monica is the risk manager for a large organization. She is evaluating whether the organization should purchase a lightning protection system. She consulted a variety of subject matter experts and determined that there is a 5 percent chance that a lightning will occur in a given year. If a lightning occurred, it would likely cause $1 million in damage to the facility, which has a $10 million value. Given this scenario, what is the Single Loss Expectancy (SLE)?
2
Nancy performs a full backup of her server every Sunday at 1 A.M. and differential backups on Mondays through Fridays at 1 A.M. Her server fails at 9 A.M. Wednesday. How many backups does Nancy need to restore?
Transfer
Purchasing an insurance policy is an example of the ____________ risk management strategy.
Don't spend more to protect an asset than it is worth
What is a key principle of risk management programs?