Exam (worked answers)

SECURITY+ SY0-601 STUDY SET from Mike Meyers' book

Pages: 38
Grade: A+
Uploaded on: 01-04-2022
Written in: 2021/2022

__________________ is defined as using and manipulating human behavior to obtain a required result. It typically involves NON-TECHNICAL methods of attempting to gain unauthorized access to a system or network.
Correct answer- Social engineering

Through social engineering, an attacker might easily lead a user to reveal her account password or to provide personal information that might reveal her password, a technique known as ____________________.
Correct answer- eliciting information

________________________ is when a social engineer calls a helpdesk operator, claims to be a high-level user, and demands that the operator reset the user's password immediately so that the user can complete an important task.
Correct answer- Impersonation

_______________ is a technique in which a social engineer creates a story, or pretext, that employs one or more of the social engineering principles (such as trust, consensus, intimidation or urgency) to motivate victims to act contrary to their better instincts or training.
Correct answer- Pretexting

A __________________ scam is a social engineering technique that targets a large group of recipients with a generic message that attempts to trick them into either visiting a website and entering confidential personal information, responding to a text or SMS message (known as ___________), or replying to an e-mail with private information, often a username and password, or banking or credit card details.
Correct answer- phishing / smishing

_____________________ is a targeted type of phishing attack that includes information familiar to the user and appears to be from a trusted source, such as a company (for example a financial service the user has used previously), a social media site such as LinkedIn, or even a specific trusted user.
Correct answer- Spear phishing

_________________ are important tools to protect against phishing attacks. Users must be aware that financial institutions will never ask for bank account numbers and credit card details in an e-mail to a user.
Correct answer- User education and awareness training

______________ is a type of phishing attack that is targeted at a specific high-level user, such as an executive.
Correct answer- Whaling

________________ is when an unauthorized person casually glances over the shoulder of an employee as she returns to her desk and enters her username and password into the computer.
Correct answer- Shoulder surfing

_____________________ is one of the simpler forms of social engineering and describes gaining physical access to an access-controlled facility or room by closely following an authorized person through the security checkpoint.
Correct answer- Tailgating

_____________ is a social engineering technique that misdirects a user to an attacker's website without the user's knowledge, usually by manipulating the Domain Name System (DNS) on an affected server or the hosts file on a user's system. While much like phishing, where a user may click a link in a seemingly legitimate e-mail message that takes him to an attacker's website, pharming differs in that the redirection happens at name resolution (poisoned DNS or a modified hosts file), so the user lands on the malicious site even if the URL is entered correctly or chosen from a web browser bookmark.
Correct answer- Pharming

__________ is instant messaging spam, and much like the more common e-mail spam, it occurs when a user receives an unsolicited instant message from another user, including users who are known and in the user's contact list.
Correct answer- SPIM (spam over instant messaging)

_______________ is a type of phishing attack that takes place over phone systems, most commonly over VoIP (Voice over IP) lines.
Correct answer- Vishing

A _________ is typically some kind of urban legend or sensational false news that users pass on to others via e-mail because they feel it is of interest. While mostly harmless, some are phishing attempts that try to get the user to visit a link in the e-mail message that redirects to a malicious website. The only cure is user education, so that users avoid spreading these types of messages to other users.
Correct answer- hoax

As part of corporate espionage, some companies hire private investigators to examine garbage dumpsters of a target company, and these investigators try to discover any proprietary and confidential information. This is called __________________.
Correct answer- Dumpster diving

You have been contacted by your company's CEO after she received a personalized but suspicious e-mail message from the company's bank asking for detailed personal and financial information. After reviewing the message, you determine that it did not originate from the legitimate bank. Which of the following security issues does this scenario describe?
A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing
Correct answer- C

During your user awareness training, which of the following actions would you advise users to take as the best security practice to help prevent malware installation from phishing messages?
A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy
Correct answer- B

Negative company financial information was carelessly thrown in the trash bin without being shredded, and a malicious insider retrieved it and posted it on the Internet, driving the stock price down. The CEO wants to know what happened. What was the attack?
A. Smishing
B. Dumpster diving
C. Prepending
D. Identity fraud
Correct answer- B

Max, a security administrator, just received a phone call to change the password for a user in the HR department. The user did not provide verification of their identity and insisted that they needed the password changed immediately to complete a critical task. What principle of effective social engineering is being used?
A. Trust
B. Consensus
C. Intimidation
D. Urgency
Correct answer- D

A _______ is a malicious computer program that requires user intervention (such as clicking it or copying it to media or a host) to spread within the affected system, even if the virus program does not harm the system. Viruses self-replicate without the knowledge of the computer user.
Correct answer- virus

_____________ infect the boot sector or partition table of a disk, which is used by the computer to determine which operating systems (OSs) are present on the system to boot.
Correct answer- Boot sector viruses

A _______________ disguises itself as a legitimate program, using the name of a legitimate program but with a different extension. For example, a virus might be named to emulate a file called .
Correct answer- companion virus

A ___________ uses the internal workings of Microsoft Word and Excel to perform malicious operations when a file containing the virus is opened, such as deleting files or opening other virus-executable programs.
Correct answer- macro virus

A _________ hides from antivirus software, for example by encrypting its code or by intercepting the system calls a scanner uses to read infected files so that the original, clean content is returned. Stealth viruses attempt to cover their trail as they infect their way through a computer.
Correct answer- stealth virus

______________ are designed to make detection and reverse engineering difficult and time consuming, either through obfuscation or through substantial amounts of confusing code to hide the actual virus code itself.
*While armored viruses are often quite good at what they are designed to do, they are significantly larger than necessary, which makes their presence easier to detect.
Correct answer- Armored viruses

_______________ changes with each infection. These types of viruses were created to confuse virus-scanning programs.
Correct answer- Polymorphic malware

__________________ log a user's keystrokes for various purposes, either via hardware or software means.
Correct answer- Keyloggers

A ____________ hides on your computer system until called upon to perform a certain task. They are usually downloaded through e-mail attachments, websites, and instant messages, and are usually disguised as popular programs such as games, pictures, or music.
Correct answer- Trojan horse program

A _________________ installs a backdoor that bypasses all authentication controls and allows the attacker continuous access to the client computer.
Correct answer- remote access Trojan (RAT)

A ____________ does not activate until a specific event, such as reaching a specific date or starting a program a specific number of times, is triggered.
Correct answer- logic bomb program

A ___________ is a self-contained program (or set of programs) that can self-replicate and spread full copies or smaller segments of itself to other computer systems via network connections, e-mail attachments, and instant messages.
*Compare this to viruses, which cannot spread on their own across a network but instead depend on a host file and on user action (sharing or opening that host file) to spread.
Correct answer- computer worm

____________________ and spyware are a subset of software known as ____________________, potential threats that are not always considered security risks but are still generally considered unwelcome.
Correct answer- Adware (advertising software) / potentially unwanted programs (PUPs)

________________, such as a crypto-locking virus, is designed to lock users out of their system until a ransom is paid. Ex: CryptoLocker and WannaCry
Correct answer- Ransomware

A ____________ is a type of backdoor program that is inserted into application software or the operating system and allows a remote user root access (administrator access) to the system on which the software is installed, without the permission or knowledge of the user. It is built to conceal its own presence from the OS and from security tools.
Correct answer- rootkit

A ________ is typically any type of computer system that is attached to a network whose security has been compromised and that runs malicious software completely unknown to the system users. Botnets and their bots (often called "zombie" computers) are typically used for distributed denial-of-service (DDoS) attacks.
Correct answer- bot

_______________ are named as such as a loose analogy to the birthday paradox, which states that if you have 23 people in a room, the probability that two or more of them share the same birthdate (without the year) is just over 50 percent.
Correct answer- Birthday attacks

A ______________ is the most basic type of password attack. In this attack's simplest form, an attacker might repeatedly attempt to guess the user's password.
Correct answer- brute-force attack

More effective and efficient than a brute-force attack, a _______________ uses dictionaries, or lists of common words across various types of organizations, languages, and other words that might be used for passwords, as well as common substitutions, such as using the @ symbol in lieu of the letter a.
Correct answer- dictionary attack

___________ are a variation on a dictionary attack that, instead of trying to guess the password, use precomputed hashes (called rainbow tables) developed by software that can process huge lists of words and spit out their hash, which is then added to the rainbow table's file.
*Strictly, a rainbow table stores compressed chains of hashes rather than every individual hash, but the attack is only possible because the hashes are precomputable. A unique per-password salt makes precomputation useless, which is why salted (and slow) password hashing defeats this attack.
Correct answer- Rainbow attacks

You suspect that your server has been compromised because it has been running slowly and is unresponsive. Using a network analyzer, you also notice that large amounts of network data are being sent out from the server. Which of the following is the most likely cause?
A. The server has a rootkit installed.
B. The server requires an operating system update.
C. The server is infected with spyware.
D. The server is part of a botnet.
Correct answer- D

Antivirus software may NOT be able to identify which of the following?
A. Trojans
B. Logic bombs
C. Polymorphic viruses
D. Adware
Correct answer- B

In a ____________, input longer than the memory buffer set aside for it overwrites adjacent memory; the extra characters may be malicious code, or may simply cause the program or even the entire system to crash.
Correct answer- buffer overflow attack

_____________ essentially creates a denial-of-service condition, because the resources that are needed to execute actions associated with an application are entirely exhausted (hence the name), leading to either an error, a performance slowdown, or a denial of service.
Correct answer- Resource exhaustion

In a _______________ scenario, an attacker exploits a bug within an application to bypass the application's access controls and gain elevated privileges that enable the attacker to execute system commands.
*Protection against it requires that programmers use input validation and test their code for bugs and exploits.
Correct answer- privilege escalation

______________ can occur when a user's cookie for a website, which can contain session authentication credentials for a remote server, is hijacked by another user, who then uses that cookie to gain unauthorized access.
*To protect against it, web applications should regenerate session keys and IDs after each successful login (and mark session cookies Secure and HttpOnly), so as to deny access to any non-legitimate user.
Correct answer- Session hijacking

High-security applications such as web banking use _______________ instead of the now-deprecated Secure Sockets Layer (SSL) to encrypt sessions, including the transfer of information in user cookies.
Correct answer- Transport Layer Security (TLS)

____________ is similar to another attack, URL redirection, in that both often redirect to a malicious site that attempts to gain credentials, but URL redirection often comes in the form of a phishing e-mail that redirects from a legitimate site to a malicious site, while clickjacking incorporates hidden, invisible, or false page elements that the user clicks without realizing it.
Correct answer- Clickjacking

______________ is a type of web application vulnerability that allows malicious users to inject malicious code into dynamic websites that rely on user input. Ex: A search engine website or user message forum that utilizes user input.
Correct answer- Cross-site scripting (XSS)

______________ is a type of attack that relies on the ability to use a user's current web browsing state, including session cookie data and login identity credentials, and trick that user into navigating to a website that contains malicious code.
Correct answer- Cross-site request forgery (CSRF)

In _________________, the attacker sends SQL input (normally in the form of SQL database manipulation commands) to the database via an input form.
Correct answer- Structured Query Language (SQL) injection

________________ is a type of access vulnerability that enables a hacker to actually navigate the website directory tree through the URL, via ../ on a Unix system or ..\ on a Windows system, to go to the parent directory.
Correct answer- Directory traversal

___________________ are very difficult to defend against, but in most cases, OS and software application vendors are very responsive in patching their software in the event a new vulnerability is discovered. You must always make sure your software is running the latest version with all available security patches installed.
Correct answer- Zero-day attacks

A ______________ happens when an application is dependent on steps being performed in an appropriate order, and the steps are subsequently executed out of order, creating a crash or other negative situation that can be exploited by an attacker.
Correct answer- race condition

A __________________ occurs when an unauthorized user captures network traffic and then resends the communication to its original destination, acting as the original sender.
Correct answer- replay attack

While testing exception handling with a web application, you encounter an error that displays a full URL path to critical data files for the application. Which one of the following types of vulnerabilities would this application be susceptible to?
A. Buffer overflow
B. Session hijacking
C. Cross-site scripting
D. Directory traversal
Correct answer- D

Your web application currently checks authentication credentials from a user's web browser cookies before allowing a transaction to take place. However, you have had several complaints of identity theft and unauthorized purchases from users of your site. Which of the following is the most likely cause?
A. Cross-site scripting
B. Session hijacking
C. Header manipulation
D. Lack of encryption
Correct answer- B

During testing of a web application, you discover that due to poor input validation, you can easily crash the server by entering values in the input forms much greater than the system can handle. What type of vulnerability is this?
A. Session hijacking
B. Buffer overflow
C. Privilege escalation
D. XML injection
Correct answer- B

In __________, an unauthorized user sends unwanted messages to another Bluetooth device in range of the originating device.
Correct answer- bluejacking

A more serious Bluetooth vulnerability is called ____________, where an unauthorized user connects to an unprotected Bluetooth device and accesses any data stored on it.
Correct answer- bluesnarfing

__________ are rogue access points set up to mimic a legitimate WiFi network. An unsuspecting user could connect and make an online purchase using her banking or credit card details, which are then stolen by the hacker for the purposes of identity theft and fraud.
Correct answer- Evil twins

In a DoS attack, a malicious user can send a continuous stream of rapid ping attempts, called a _______________. The host is then overloaded by having to reply to every ping, rendering it unable to process legitimate requests.
Correct answer- ping flood
*The study set (following the book) labels this a "ping of death." Strictly, the ping of death is a different attack: a single oversized or malformed ICMP echo request that crashes a host with a vulnerable IP stack, whereas a ping flood overwhelms the host with sheer volume.

A ________________ uses publicly accessible Domain Name System servers to conduct a DDoS on a victim server by flooding the system with DNS response traffic.
Correct answer- DNS amplification attack

____________ is a type of network attack in which the ARP cache of systems on the network is modified to associate an IP address with the MAC address of the attacker's system.
Correct answer- Address Resolution Protocol (ARP) poisoning

A __________ uses a spoofing attack combined with a DDoS attack to exploit the use of IP broadcast addressing and ICMP (ping).
Correct answer- smurf attack

An ___________ is one of the "noisiest" scans performed, simply because it uses so many nonstandard flags set to "on" in combination. All the enabled flags in the TCP segment are like the lights of a Christmas tree to the scanned device. It can also identify operating systems based on their response to these nonstandard options.
Correct answer- Xmas scan

The __________ technique takes advantage of a DNS server's tables of IP addresses and hostnames by replacing the IP address of a host with another IP address that resolves to an attacker's system.
Correct answer- DNS poisoning

_______________ are designed to infiltrate a system or network through the exploitation of a secondary system or network. Often, the attacker inserts malware into a website that he believes the target will visit and waits for the target to be exploited via the secondary site.
Correct answer- Watering hole attacks

Your web server is being flooded by a denial-of-service attack. Using a network analyzer, you see that IP broadcast replies are being sent back to the address of your server from multiple addresses. Which type of network attack is this?
A. On-path
B. Back door
C. Smurf
D. DNS poisoning
Correct answer- C

During a denial-of-service attack, a network administrator blocks the source IP address with the firewall, but the attack continues. What is the most likely cause of the problem?
A. The denial-of-service worm has already infected the firewall locally.
B. The attack is coming from multiple distributed hosts.
C. A firewall can't block denial-of-service attacks.
D. Antivirus software needs to be installed.
Correct answer- B

A few systems have been infected with malware; log analysis indicates the users all visited the same legitimate website to order office supplies. What is the most likely attack the users have fallen victim to?
A. Replay
B. Watering hole
C. ARP poisoning
D. Domain kiting
Correct answer- B

Which of the following types of wireless attacks utilizes a weakness in WEP key generation and encryption to decrypt WEP-encrypted data?
A. IV attack
B. War driving
C. PSK attack
D. Eavesdropping
Correct answer- A

___________ are the lowest-common-denominator threat actor; these are delinquent teenagers sitting in their parents' basement, as the ugly stereotype goes. Often their tools are "point and click" or simple scripts and have little sophistication.
Correct answer- Script kiddies

_______________ utilize cyber means for social or political reasons. Anonymous is probably the most famous of these.
Correct answer- Hacktivists

An __________ is an adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors.
Correct answer- Advanced persistent threat (APT)

_________ may be the most dangerous type of threat actor of them all, because as employees, contractors, or other privileged parties they already have the access inherent to their position.
Correct answer- Insiders

A company insider decides to steal data and sell it to a competitor that is offering a large amount of cash. Which of the following terms describes the insider?
A. Threat
B. Threat actor
C. Vulnerability
D. Risk actor
Correct answer- B

Threat hunting can be partially automated through the use of which tool?
A. Security information and event manager (SIEM)
B. Anti-malware scanner
C. Vulnerability scanner
D. Security orchestration, automation, and response (SOAR)
Correct answer- D

A _____________ is a security weakness, such as the lack of a security control, that could be exploited or exposed by a threat.
Correct answer- vulnerability

_________________ involves disabling or removing services that are not required by the system.
Correct answer- Hardening

Before you install any update or patch onto networked systems, install and test it on a test host in a lab environment.
A. True
B. False
Correct answer- A

__________ refers to networks and systems that are managed outside of the IT organization, often without the IT organization's permission or even awareness.
Correct answer- Shadow IT

Which of the following terms describes the level of harm that results from a threat exploiting a vulnerability?
A. Attack
B. Likelihood
C. Impact
D. Risk
Correct answer- C

Kevin, a college professor researching viruses, sets up a server within his campus lab without notifying the college's IT department. He doesn't want to lock the system down with security controls that could possibly slow his analysis. What is the best term to describe Kevin's new computer?
A. Attack surface
B. Shadow IT
C. Noncompliance
D. Impact
Correct answer- B

Port numbers (Correct answers):
HTTP - TCP 80
FTP - TCP 21 (control channel)
DNS - UDP 53 (TCP 53 is used for zone transfers and for responses too large for UDP)
DHCP - UDP 67 (server side; clients use UDP 68)
SMTP - TCP 25
Telnet - TCP 23
POP3 - TCP 110
IMAP - TCP 143
SSH - TCP 22
LDAP (Active Directory) - TCP 389 (LDAP over TLS, LDAPS, uses 636)

A _____________ occurs when a vulnerability scan reports a vulnerability that does not actually exist.
Correct answer- false positive

Even more dangerous than a false positive, a _____________ occurs when a vulnerability indeed exists but it is not detected by the scanner.
Correct answer- false negative

Lauren is performing a vulnerability assessment for a web server. Which of the following tools should she use to determine what active ports, protocols, and services are running?
A. Wireshark
B. Nmap
C. Honeypot
D. Banner grabber
Correct answer- B

Which of the following is the most dangerous type of finding because it can actually mean that a potential vulnerability goes undetected?
A. False positive
B. False negative
C. False flag
D. False scan
Correct answer- B

Tom is looking for a single tool that aggregates all the different data points from the network, including network alerts, packet capture, user behavior and sentiment analyses, data inputs, log files, and physical security logs, from every host on the network. What is the best option?
A. Anti-malware scanner
B. Vulnerability scanner
C. Port scanner
D. SIEM solution
Correct answer- D

New management has decided to test the security of the existing network infrastructure implemented by the current network administrators. Which of the following should be performed to provide the most objective and useful test of your security controls?
A. Hire a real hacker to attack the network.
B. Perform third-party penetration testing.
C. Perform penetration testing by the network administrators.
D. Initiate an external denial-of-service attack.
Correct answer- B

_________________ are the high-level risk management, assessment, and mitigation plans that define your overall organization security. Ex: Common managerial controls include administrative policies, procedures, plans, and management programs.
Correct answer- Managerial risk controls

The category of ______________________ encompasses the actual technical measures used to reduce security risks in your organization, which include deep-level network and system security (firewalls, antivirus scanning, content filters, and other network security devices).
Correct answer- technical risk controls

Controls in the ________________ category address how the organization conducts its daily business and are designed to minimize the security risk to those business activities. This category could include, for example, companywide policies.
Correct answer- operational risk controls

___________________ compensate for weaknesses or inherent flaws within other controls or a lack of controls, such as a regularly scheduled third-party review of logs because proper separation of duties across system administrators cannot be enforced.
Correct answer- Compensating controls

_____________________ correct back to a trusted or "known-good" state; an example is regularly tested backups limiting the time a critical database is offline.
Correct answer- Corrective controls

_____________ detect and characterize events or irregularities as or after they occur, such as internal or external audits conducted on a no-notice basis.
Correct answer- Detective controls

_______________________ deter and discourage an event from taking place (for example, roaming security guards and cameras placed around the facilities that are continuously monitored by personnel).
Correct answer- Deterrent controls

________________ include physical access controls (perimeter fencing, security passes, and surveillance) and environmental controls (fire suppression and temperature controls).
Correct answer- Physical controls

Which of the following is not a control function?
A. Deter
B. Detect
C. Destroy
D. Compensate
Correct answer- C

Which of the following are control categories? (Choose all that apply.)
A. Mitigation
B. Recovery
C. Operational
D. Managerial
Correct answer- C, D

The _____________ grants users only the access rights they need to perform their job functions. This requires giving users the least amount of access possible to prevent them from abusing more powerful access rights.
Correct answer- least privilege principle

The ______________ ensures that one single individual isn't tasked with high-security and high-risk responsibilities. Certain critical responsibilities are separated between several users to prevent corruption.
Correct answer- separation of duties

________________ provides improved security because no employee retains the same amount of access control for a position indefinitely. This prevents internal corruption by employees who might otherwise take advantage of their long-term position and security access.
Correct answer- Job rotation

A _______________ policy requires employees to use their vacation days at specific times of the year or to use all their vacation days allotted for a single year. This policy helps detect security issues with employees, such as fraud or other internal hacking activities, because the anomalies might surface while the user is away.
Correct answer- mandatory vacation

An __________________ is a set of established guidelines for the appropriate use of computer networks within an organization. The AUP is a written agreement, read and signed by employees, that outlines the organization's terms, conditions, and rules for Internet and internal network use.
Correct answer- acceptable use policy (AUP)

A company practices ____________________ by ensuring that all activities that take place in the corporate facilities are conducted in a reasonably safe manner.
Correct answer- due care

A company practices ________________ by implementing and maintaining these security procedures consistently to protect the company's facilities, assets, and employees.
Correct answer- due diligence

_____________ guarantees that in the event of a security issue caused by an employee, the employee receives an impartial and fair inquiry into the incident to ensure the employee's rights are not being violated.
Correct answer- Due process

_________________ are often utilized when an employee, or even a third-party vendor or supplier, requires access to sensitive or proprietary information, information that could provide an advantage to a competitor, or, in the case of federal agencies or contractors, harm national security.
Correct answer- Nondisclosure agreements (NDAs)

To prevent legal liabilities, companies have implemented _______________ to help reduce the possibility of legal problems arising from past messaging communications and data.
Correct answer- data retention policies

System architecture diagrams should never be displayed or stored in a public area, especially if they contain system IP addresses and other information hackers can use to compromise a network.
A. True
B. False
Correct answer- A

A __________________ maintains that any confidential papers, sticky notes with sensitive information, cell phones, portable devices, and removable media should always be kept in locked drawers.
Correct answer- clean desk space policy

Users must ensure that they lock and password-protect their workstation sessions whenever they are away from their desk.
A. True
B. False
Correct answer- A

A _____________________ is an understanding between a supplier of services and the users of those services that the service in question will be available for a certain percentage of time.
Correct answer- service level agreement (SLA)

_________________ are common within the government sector and set out terms of cooperation between two organizations seeking a common goal, such as a joint continuity of operations site.
Correct answer- Memorandums of agreement and understanding (MOA/MOU)

After a few incidents where customer data was transmitted to a third party, your organization is required to create and adhere to a policy that describes the distribution, protection, and confidentiality of customer data. Which of the following policies should your organization create?
A. Privacy
B. Due care
C. Acceptable use
D. Service level agreement
Correct answer- A

As a managed service provider responsible for Internet-based application services across several external clients, which of the following policies does your organization provide to clients as an agreement for service uptime?
A. Code of ethics
B. Privacy
C. SLA
D. Due care
Correct answer- C

There is a suspicion that Tom, a systems administrator, is performing illegal activities on your company's networks. To gather evidence about his activities, which of the following principles and techniques could you employ?
A. Password rotation
B. Mandatory vacation
C. Need-to-know
D. Separation of duties
Correct answer- B

You need to create an overall policy for your organization that describes how your users can properly make use of company communications services, such as web browsing, e-mail, and File Transfer Protocol (FTP) services. Which of the following policies should you implement?
A. Acceptable use policy
B. Due care
C. Privacy policy
D. Service level agreement
Correct answer- A

__________________ is a numerical calculation of the exact cost of the loss of a specific company asset because of a disaster. ___________________ considers tangible and intangible factors in determining costs.
Correct answer- Quantitative risk analysis / Qualitative risk analysis

The ___________ is the amount of risk that's acceptable to an organization.
Correct answer- risk tolerance

______________ is the level of risk that an organization is willing to take before actions are taken to reduce risk. Understanding an organization's risk appetite will help guide solutions and countermeasure recommendations.
Correct answer- Risk appetite

The _______________ is the level of risk that remains after controls are put into place to mitigate or reduce risk.
Correct answer- residual risk

____________ prevents sensitive and private data from being intercepted or read by unauthorized users. Ex: Using encryption
Correct answer- Confidentiality

______________ ensures that your data is consistent and never modified by unauthorized persons or manipulated in any intentional or accidental manner. Ex: Common methods of ensuring integrity are hashing, digital signatures, and certificates.
Correct answer- Integrity

________________ ensures that your systems and networks are always operational and providing service to users, minimizing downtime when patching or scanning. Ex: Implementation of a cold, warm, or hot site, and RAID.
Correct answer- Availability

A ___________ is a living document used to track different types of data elements, most commonly risk factors and risk scenarios.
Correct answer- risk register

A ______________ outlines your organization's most critical functions and how they'll be affected during a disaster.
Correct answer- business impact analysis (BIA)

_________________ is the average length of time from the moment a component fails until it is repaired.
Correct answer- Mean time to repair (MTTR)

_____________ is the length of time that a component is expected to last in regular service.
Correct answer- Mean time to failure (MTTF)

_______________ is the average length of time a specific component is expected to work until it fails.
Correct answer- Mean time between failures (MTBF)

______________ is the maximum amount of time that is considered tolerable for a service or certain business function to be unavailable.
Correct answer- Recovery time objective (RTO)

_______________ is the maximum acceptable amount of lost data due to an outage or disaster.
Correct answer- Recovery point objective (RPO)

As part of a risk analysis of a very large and extensive back-end database, you need to calculate the probability and impact of data corruption. Which of the following impact factors allows you to calculate your annualized losses due to data corruption?
A. SLE
B. SLA
C. ARO
D. ALE
Correct answer- D

AJ's management tasks him with determining the right reliability factor to track for the company's new engines. The management wants to know how long they can expect the engine to last before failure, with the expectation that it will then be replaced. What is the best reliability factor?
A. Recovery point objective (RPO)
B. Mean time to repair (MTTR)
C. Mean time between failures (MTBF)
D. Mean time to failure (MTTF)
Correct answer- D

A(n) __________ tracks different types of data elements, most commonly risk factors and risk scenarios. It might also include data that describes different technical or management findings contributing to the risk, as well as threats, vulnerabilities, assets, likelihood, and impact data.
A. Acceptable use policy
B. Business continuity plan
C. Risk register
D. Risk matrix
Correct answer- C

Which of the following is not a standard classification for private or sensitive data?
A. Public
B. Confidential
C. Proprietary
D. Consensual
Correct answer- D

The __________ determines what data will be collected and how it will be used within an organization.
A. Data steward
B. Data controller
C. Data processor
D. Data protection officer
Correct answer- B

_____________________ is the concept of using security and content control features to prevent confidential, private data from leaving your organization's networks.
Correct answer- Data loss prevention (DLP)

_____________ obfuscates sensitive data by substituting it with a different ("dummy") value.
Correct answer- Data masking

A __________ is a facility that's ready to be operational immediately when the primary site becomes unavailable.
It is the most costly. Correct answer- hot site A __________ is like a hot site but without most of the duplicate servers and computers that would be needed to facilitate an immediate switch-over. Correct answer- warm site A __________ merely offers an empty facility with some basic features, such as wiring and some environmental protection, but no equipment. This is the least expensive option. Correct answer- cold site A ____________ is a device or server used to attract and lure attackers

SECURITY+ SY0-601 STUDY SET from
Mike Myer's Book

__________________ is defined as using and manipulating human behavior to obtain a
required result.

It typically involves NON-TECHNICAL methods of attempting to gain unauthorized
access to a system or network. Correct answer- Social engineering

Through social engineering, an attacker might easily lead a user to reveal her account
password or to provide personal information that might reveal her password, a
technique known as ____________________. Correct answer- eliciting information

________________________ is when a social engineer calls a helpdesk operator, who
claims to be a high-level user, and demands that the operator reset the user's password
immediately so that the user can complete an important task. Correct answer-
Impersonation

_______________ is a technique in which a social engineer creates a story, or pretext,
that employs one or more of these principles to motivate victims to act contrary to their
better instincts or training. Correct answer- Pretexting

A __________________ scam is a social engineering technique that targets a large
group of recipients with a generic message that attempts to trick them into either visiting
a website and entering confidential personal information, responding to a text or SMS
message (known as ___________), or replying to an e-mail with private information,
often a username and password, or banking or credit card details. Correct answer-
phishing / smishing

_____________________ is a targeted type of phishing attack that includes information
familiar to the user and appears to be from a trusted source such as a company such as
a financial service that the user has used previously, a social media site such as
LinkedIn, or even a specific trusted user. Correct answer- Spear phishing

_________________ are important tools to protect against phishing attacks. Users
must be aware that financial institutions will never ask for bank account numbers and
credit card details in an e-mail to a user. Correct answer- User education and
awareness training

______________ is a type of phishing attack that is targeted at a specific high-level
user, such as an executive. Correct answer- Whaling

________________ is when an unauthorized person casually glances over the shoulder
of an employee as she returns to her desk and enters her username and password into
the computer. Correct answer- Shoulder surfing

_____________________ is one of the simpler forms of social engineering and
describes gaining physical access to an access-controlled facility or room by closely
following an authorized person through the security checkpoint. Correct answer-
Tailgating

_____________ is a social engineering technique that misdirects a user to an attacker's
website without the user's knowledge, usually by manipulating the Domain Name
Service (DNS) on an affected server or the hosts file on a user's system.

While much like phishing, where a user may click a link in a seemingly legitimate e-mail
message that takes him to an attacker's website, pharming differs in that it installs code
on the user's computer that sends them to the malicious site, even if the URL is entered
correctly or chosen from a web browser bookmark. Correct answer- Pharming

__________ is instant messaging spam, and much like the more common e-mail spam,
it occurs when a user receives an unsolicited instant message from another user,
including users who are known and in the user's contact list. Correct answer- SPIM
(spam over instant messaging)

_______________ is a type of phishing attack that takes place over phone systems,
most commonly over VoIP (Voice over IP) lines. Correct answer- Vishing

A _________ is typically some kind of urban legend or sensational false news that
users pass on to others via e-mail because they feel it is of interest.

While mostly harmless, some are phishing attempts that try to get the user to visit a link
in the e-mail message that redirects to a malicious website. The only cure is user
education, so as to avoid spreading these types of messages to other users. Correct
answer- hoax

As part of corporate espionage, some companies hire private investigators to examine
garbage dumpsters of a target company, and these investigators try to discover any
proprietary and confidential information. This is called __________________. Correct
answer- Dumpster diving

You have been contacted by your company's CEO after she received a personalized
but suspicious e-mail message from the company's bank asking for detailed personal
and financial information. After reviewing the message, you determine that it did not
originate from the legitimate bank.

Which of the following security issues does this scenario describe?

A. Dumpster diving
B. Phishing
C. Whaling
D. Vishing Correct answer- C

During your user awareness training, which of the following actions would you advise
users to take as the best security practice to help prevent malware installation from
phishing messages?

A. Forward suspicious messages to other users
B. Do not click links in suspicious messages
C. Check e-mail headers
D. Reply to a message to check its legitimacy Correct answer- B

Negative company financial information was carelessly thrown in the trash bin without
being shredded, and a malicious insider retrieved it and posted it on the Internet, driving
the stock price down.

The CEO wants to know what happened—what was the attack?

A. Smishing
B. Dumpster diving
C. Prepending
D. Identity fraud Correct answer- B

Max, a security administrator, just received a phone call to change the password for a
user in the HR department. The user did not provide verification of their identity and
insisted that they needed the password changed immediately to complete a critical task.

What principle of effective social engineering is being used?

A. Trust
B. Consensus
C. Intimidation
D. Urgency Correct answer- D

A _______ is a malicious computer program that requires user intervention (such as
clicking it or copying it to media or a host) within the affected system, even if the virus
program does not harm the system.

They self-replicate without the knowledge of the computer user. Correct answer- virus

_____________ infect the boot sector or partition table of a disk, which is used by the
computer to determine which operating systems (OSs) are present on the system to
boot. Correct answer- Boot sector viruses

A _______________ disguises itself as a legitimate program, using the name of a
legitimate program but with a different extension. For example, a virus might be named
program.com to emulate a file called program.exe. Correct answer- companion virus

A ___________ uses the internal workings of Microsoft Word and Excel to perform
malicious operations when a file containing the virus is opened, such as deleting files or
opening other virus-executable programs. Correct answer- macro virus

A _________ hides from antivirus software by encrypting its code. They attempt to
cover their trail as they infect their way through a computer. Correct answer- stealth
virus

______________ are designed to make detection and reverse engineering difficult and
time consuming, either through obfuscation or through substantial amounts of confusing
code to hide the actual virus code itself.

*While armored viruses are often quite good at what they are designed to do, they are
significantly larger than necessary, which makes their presence easier to detect. Correct
answer- Armored viruses

_______________ changes with each infection. These types of viruses were created to
confuse virus-scanning programs. Correct answer- Polymorphic malware

__________________ log a user's keystrokes for various purposes, either via hardware
or software means. Correct answer- Keyloggers

A ____________ hides on your computer system until called upon to perform a certain
task.

They are usually downloaded through e-mail attachments, websites, and instant
messages. They are usually disguised as popular programs such as games, pictures, or
music. Correct answer- Trojan horse program

A _________________ installs a backdoor that bypasses all authentication controls and
allows the attacker continuous access to the client computer. Correct answer- remote
access Trojan (RAT)

A ____________ does not activate until a specific event, such as reaching a specific
date or starting a program a specific number of times, is triggered. Correct answer- logic
bomb program

A ___________ is a self-contained program (or set of programs) that can self-replicate
and spread full copies or smaller segments of itself to other computer systems via
network connections, e-mail attachments, and instant messages.
