QUESTIONS SET 1:
1. What is the area that is inside the firewall?
2. What are often the weakest links in IT security?
3. Risk __________ is the practice of identifying, assessing, controlling, and mitigating risks.
4. Companies use risk management techniques to differentiate ___________ from _________?
5. What are the elements of the security triad?
6. What is the primary reason to avoid risk?
7. What is NOT a step in risk management?
8. What is NOT an example of an intangible value?
9. Total risk = _______________
10. What is the best example of warez?
11. IDS stands for ______________.
12. __________ damage for the sake of doing damage, and they often choose targets of opportunity.
13. A(n) __________ is a computer joined to a botnet.
14. What is NOT an example of unintentional threat?
15. What is the most commonly seen attack?
16. Identify the acronym that does NOT refer to an initiative taken by the government to help companies manage IT risks.
17. What is a security policy?
18. When does a threat/vulnerability pair occur?
19. When risk is reduced to an acceptable level, the remaining risk is referred to as _________.
20. What can you control about threat/vulnerability pairs?
21. When your bank or credit card company sends you a notification of changes in how it collects or shares data, it is sending that notification in compliance with ________________.
22. When companies are expected to adhere to the laws that they are affected by, this is commonly known as _______________.
23. What is NOT one of the three primary bureaus of the FTC?
24. What is the relevance of state AGs to IT issues?
25. What is the function of job rotation?
26. When the FTC was created in 1914, its primary goal was to ______________.
27. HIPAA requires that your insurance company sets standards for the protection of your data and the systems that handle that data’s ________________.
28. What is the relationship between Enron and SOX?
29. What are the six principles of PCI DSS?
30. CIPA is ________________.
31. At what point should you describe the procedures and schedules for accomplishment?
32. Costs for solutions are often ____________.
33. Choose the most accurate statement with respect to creating a risk management plan.
34. What information should you include in your report for management when you present your recommendations?
35. POAM stands for _________.
36. After you collect data on risks and recommendations, you include that information in a report, and you give that report to management. Why do you do this?
37. All of the following terms have the same meaning EXCEPT:
38. A risk management PM is also sometimes called a(n) ________________.
39. What is the purpose of a POAM?
40. What are the four major categories of reporting requirements?
41. What is the Delphi Method?
42. What is NOT a benefit of a qualitative RA?
43. What are the two primary methods used to create a risk assessment?
44. All of the following are major components of RAs, EXCEPT:
45. What is NOT a benefit of a quantitative RA?
46. A(n) __________ is a common type of attack on Internet-facing servers.
47. It is common to focus the scope of an RA on system ownership, because doing so ____________.
48. If you know an SLE is $100 and the associated ARO is 5 months, then what is the ALE?
49. When should you perform a risk assessment?
50. ____________ assessments are objective, while ___________ assessments are subjective.
51. An exploit assessment is also known as a(n) ___________.
52. __________ define(s) how the system operates in your environment.
53. Addresses ______________ are automatically marked as spam.
54. ____________ is the process of determining fair market value of an asset.
55. _____________ value is the cost to purchase a new asset.
56. How do you start a risk assessment?
57. The _____________ define(s) what the system does.
58. Threat ___________ is a process used to identify possible threats on a system.
59. What is NOT something to consider when determining the value of an asset?
60. What is an example of a Group Policy?
61. A ___________ plan can help ensure that mission-critical systems continue to function after a disaster.
62. The two categories of IP are _______________ and _______________.
63. An operating system is an example of a(n) ___________.
64. A failover cluster requires at least __________ node(s).
65. BIA is an important part of a(n) _____________, and it can also be part of a(n) __________.
66. What is NOT a category of data and information assets?
67. A ___________ plan can help you identify steps needed to restore a failed system.
68. ________ help(s) prevent a hard drive from being a single point of failure. __________ help(s) prevent a server from being a single point of failure. _________ help(s) prevent a person from being a single point of failure.
69. How can you determine the importance of a system?
70. Most organizations use __________ to track hardware assets.
71. Penetration testing is also known as ____________ testing.
72. Functionality testing is primarily used with ____________.
73. Risk = which of the following?
74. What is NOT a benefit of the tools commonly used to perform vulnerability scans?
75. In a SQL injection attack, an attacker can _________________.
76. What is a transaction in a database?
77. Why are audits performed?
78. Ideally, when should you perform threat modeling?
79. What are some of the best practices you can use when evaluating potential threats for each of the domains?
80. How do attackers deface websites?