Risk Flashcards Preview

CompTIA Security+ SY0-501 > Risk > Flashcards

Flashcards in Risk Deck (19)
1
Q

What is Risk?

A

Possibility of a threat exploiting a vulnerability

2
Q

What is a technical control?

A

Technology security, i.e. 802.11i

3
Q

What is a management control?

A

Risk/vulnerability assessment
Written security policy
Mandatory vacation

4
Q

What is an operational control?

A

Change management/procedure

Ensure day-to-day operations comply with security policy

5
Q

What is a false positive?

A

IPS/IDS recognises malicious traffic when there isn’t any

6
Q

What is a false negative?

A

IPS/IDS fails to recognise malicious traffic

7
Q

What is mandatory vacation?

A

Can reduce collusion and fraud of employees

8
Q

How is separation of duties more secure?

A

Developer creates application

Team implements software (i.e. possible backdoor in software for dev)

9
Q

What is SLE?

A

Single loss expectancy

10
Q

What is ARO?

A

Annualised Rate of Occurrence

i.e. a failure every 5 years: 1/5 = 0.2 ARO

11
Q

What is ALE?

A

Annualised Loss Expectancy

ALE = SLE * ARO

12
Q

What is a software escrow?

A

Source code of the application is available via the provider company in the event the application is no longer supported

13
Q

What is MTTR?

A

Mean Time to Restore

14
Q

What is MTTF?

A

Mean Time to Failure

Regarding non-repairable systems

15
Q

What is MTBF?

A

Mean Time Between Failure

16
Q

What does risk acceptance entail?

A

Not paying for a countermeasure because the loss is less expensive

17
Q

What is risk transference?

A

Insurance from a 3rd party contractor for equipment servicing and replacement

18
Q

What is RTO?

A

Recovery Time Objective

19
Q

What is RPO?

A

Recovery Point Objective

Retention period for restoration