Risk Management Flashcards Preview

CompTIA CASP+ > Risk Management > Flashcards

Flashcards in Risk Management Deck (22)
1
Q

Which of the following best describes a partnership?
A. The combination of two or more corporations transferring the properties to one surviving corporation
B. Two or more persons or companies contractually associated as joint principals in a business
C. Obtaining goods or services from an outside supplier
D. A condition in which a business cannot meet its debt obligations

A

B. A partnership is a type of business entity in which two or more entities share potential profit and risk with each other.

2
Q

In what way is outsourcing different from a partnership?
A. Outsourcing only occurs when products come from third countries, whereas partnerships occur within the same country.
B. Both use in-house labor to create products for themselves.
C. One uses in-house labor, whereas the other contracts the labor from a partner.
D. One uses an outside supplier, whereas the other combines the two entities.

A

C. Outsourcing is when the customer assigns the work to the contractor.

3
Q
Which of the following is not an issue to consider with cloud computing? 
A. Physical location of data 
B. Sensitivity of data 
C. Hiring practices 
D. Disaster recovery plans
A

A. With cloud computing, you don’t worry about the physical location of data.

4
Q
Which of the following is not an advantage of quantitative risk assessments? 
A. Examination of real threats 
B. Fast results 
C. Real numbers 
D. Dollar values
A

B. Quantitative assessment takes much more time than qualitative assessment.

5
Q
Which of the following is the formula for SLE? 
A. SLE = AV × EF 
B. SLE = AV / EF 
C. SLE = ARO × EF 
D. SLE = ARO × AV
A

A. Single loss expectancy (SLE) = asset value (AV) × exposure factor (EF).

6
Q
Which of the following is not an advantage of qualitative risk assessments? 
A. Speed 
B. Use of numeric dollar values 
C. Based on CIA 
D. Performed by a team
A

B. There are no dollar values with qualitative assessment.

7
Q
Which of the following is the formula for ALE? 
A. ALE = AV × ARO 
B. ALE = ARO × SLE 
C. ALE = SLE / ARO 
D. ALE = AV / ARO
A

B. Annualized loss expectancy (ALE) = annualized rate of occurrence (ARO) × single loss expectancy (SLE).

8
Q
Which of the following is the approach for dealing with risk that incurs an ongoing continual cost from a third party? 
A. Accept 
B. Avoid 
C. Mitigate 
D. Transfer
A

D. Transferring the risk means to offload the risk to a third party, which would incur a monthly fee, such as, for example, an insurance premium.

9
Q
Implementation of a firewall best maps to which of the following? 
A. Accept 
B. Avoid 
C. Mitigate 
D. Transfer
A

C. Implementing a technical control such as a firewall is an example of mitigating the risk (of network attacks).

10
Q
The government-based information classification model is based on which of the following? 
A. Confidentiality 
B. Availability 
C. Integrity 
D. Service level
A

A. The governmental system focuses on confidentiality.

11
Q
The industry-based model of information classification is based on which of the following? 
A. Confidentiality 
B. Availability 
C. Integrity 
D. Service level
A

C. An industrial or commercial system is based on integrity.

12
Q
Which of the following is the highest level in the government model of information classification? 
A. Supersecret 
B. Top Secret 
C. Secret 
D. Sensitive
A

B. Top Secret is the highest classification level.

13
Q
Which of the following is the lowest level of information classification in the public-sector model? 
A. Open 
B. Public 
C. Available 
D. Unclassified
A

B. Information classified as public is freely available for all to know.

14
Q

Which of the following is not an attribute of TPM?
A. Inexpensive
B. Specialized chip
C. External to device
D. Fast

A

C. The TPM is internal to the device.

15
Q

Which of the following is not an attribute of HSM?
A. Protects cryptographic algorithms
B. Comes in PCI blades
C. Sold as stand-alone devices
D. Can handle high volumes of transactions

A

D. HSM cannot handle high volumes of transactions.

16
Q
After determining the exposure factor, which is the next step of the quantitative risk assessment process? 
A. Determine SLE 
B. Determine ARO 
C. Determine ALE 
D. Determine AV
A

D. The next step is to determine the asset value (AV).

17
Q
Which of the following is not a concern for data in transit? 
A. Man-in-the-middle attacks 
B. Backdoor attack 
C. Sniffing 
D. Hijacking
A

B. Backdoor attacks do not target data in transit.

18
Q

Which of the following best describes EDI?
A. It is based on an X509 format.
B. It is based on an ANSI X114 format.
C. EDI is used to exchange data in a format that both the sending and receiving systems can understand.
D. EDI is used to convert data into a format that both the sending and receiving systems can understand.

A

C. EDI is used to exchange data in a format that both the sending and receiving systems can understand.

19
Q
A(n) ______________ can be described as a weakness in hardware, software, or components that may be exploited in order for a threat to destroy, damage, or compromise an asset. 
A. Vulnerability 
B. Threat 
C. Exposure 
D. Risk
A

A. A vulnerability is a weakness in hardware, software, or components that may be exploited.

20
Q
A(n) ______________ is any agent, condition, or circumstance that could potentially cause harm to, loss of, or damage to an IT asset or data asset or compromise it. 
A. Vulnerability 
B. Risk 
C. Threat 
D. Exposure
A

C. A threat is any agent, condition, or circumstance that could potentially cause harm to, loss of, or damage to an IT asset or data asset or compromise it.

21
Q
What does GDPR stand for? 
A. General Data Progressive Regulation 
B. General Data Protection Regulation 
C. General Document Protection Regulation 
D. General Detail Protection Regulation
A

B. GDPR stands for General Data Protection Regulation.

22
Q
What does PII stand for? 
A. Protected important intelligence 
B. Personal imperative intellect 
C. Personally identifiable information 
D. Personally imperative info
A

C. PII stands for personally identifiable information.