Risk Management Quiz
10 Questions

Questions and Answers

What is the term for the concept that users should have only the access needed?

  • Deny all
  • Audited control
  • Defense in depth
  • Least privilege (correct)

Which type of testing involves manually performing the recovery steps without causing any real disruption?

  • Checklist
  • Full interruption test
  • Simulation test
  • Walk-through test (correct)

What is the term for the length of time between an interruption and the recovery from that interruption?

  • Availability
  • MTBF
  • RPO
  • MTTR (correct)

What is the purpose of tools such as Nikto, Nessus, Retina, LanGuard, and SAINT?

  • Vulnerability scanning

What is the formula for Single Loss Expectancy (SLE)?

  • SLE = AV × EF

What type of disaster recovery site is the cheapest to maintain?

  • Cold site

Which of the following is an advantage of qualitative risk assessments?

  • Speed

What is the approach for dealing with risk that involves shifting the risk to another entity?

  • Transfer

What is the next step after determining the exposure factor in the quantitative risk assessment process?

  • Determine the SLE

What is a weakness in hardware, software, or components that may be exploited?

  • Vulnerability

Study Notes

Risk Assessment

  • Quantitative risk assessment does not offer subjective opinions as an advantage.
  • The formula for Single Loss Expectancy (SLE) is SLE = AV × EF.
  • Qualitative risk assessment has speed as an advantage, but not the use of numeric dollar values.

Risk Management

  • The formula for Annualized Loss Expectancy (ALE) is ALE = ARO × SLE.
  • Risk transfer involves incurring an ongoing continual cost from a third party.
  • Risk mitigation is the approach that involves implementing a firewall.

Problem-Solving and Planning

  • After determining the exposure factor, the next step in the quantitative risk assessment process is to determine the SLE.
  • Brainstorming is a step in the problem-solving process that involves gathering facts.
  • Gap analysis helps describe the difference between the current state and the desired state.

Security and Vulnerabilities

  • A vulnerability is a weakness in hardware, software, or components that may be exploited.
  • A threat is any agent, condition, or circumstance that could potentially cause harm to or compromise an asset.

Security Testing and Auditing

  • Nikto, Nessus, Retina, LanGuard, and SAINT are useful for vulnerability scanning.
  • A cold site is the cheapest type of disaster recovery site to maintain.

Access Control and Disaster Recovery

  • The principle of least privilege states that users should have only the access needed.
  • A walk-through test is a type of disaster recovery testing that involves manually performing the recovery steps without causing any real disruption.
  • Mean Time To Repair (MTTR) is the length of time between an interruption and the recovery from that interruption.

Other Concepts

  • Security awareness training helps employees know how to respond to potential security risks and incidents.
  • A Unified Availability (UA) measures the agreed-on amount of uptime.

Description

Test your knowledge of risk management concepts, including quantitative and qualitative risk assessments, SLE formulas, and more!
