And Answers | Verified Solutions 2024
Elements of Cybersecurity - Correct Answer- Assets, Threats, Attack, Vulnerability, Exploit, Control
Risk / Determining Risk - Correct Answer- Risk is often associated with the loss of a system, power, or network, and other physical losses. Risk = Threats x Vulnerabilities x Consequences
Asset - Correct Answer- Anything of value which could be damaged, lost, or harmed. Includes loss of intellectual property and trade secrets.
Threats - Correct Answer- Events or actions which could potentially cause loss, damage, harm, or compromise to an asset or service.
Attack - Correct Answer- The intentional act of bypassing/destroying/compromising security services, or of compromising an IT system or IT control.
Vulnerability - Correct Answer- Something which could leave an IT system open to harm/compromise/destruction. Examples: backdoors, insecure or weak passwords, limited physical security, software bugs.
Exploit - Correct Answer- A method or technique used by an attacker to take advantage of a known/unknown weakness in IT services/devices. Can be a device, software, script, or physical action.
Controls - Correct Answer- A specific method or technique put in place to avoid, counteract, or mitigate known security risks.
Determining Risk - Risk = Threats x Vulnerabilities x Consequences - Correct Answer- A threat is something/someone that can take advantage of vulnerabilities. A vulnerability is a weakness/deficiency which enables an attacker to violate/harm/disclose/deny access to an IT system. A consequence (the "so what": impact/result) is the damage (actual/intellectual/reputational) that occurs from the attack.
The factors which make up risk - Correct Answer- Threats, Vulnerabilities, and Consequences
The risk management process (4 steps: Identify, Assessment, Analysis, Response) - Correct Answer- Basically defined as the cyclical (revolving) process of identifying, assessing, analyzing, and responding to risks to safeguard IT services/devices/intellectual property/corporate information.
Knowing Risk Exposure in Risk Management - Correct Answer- Exposure is a property/indicator which dictates how susceptible (open to attack) an organization/company/system is to damage, loss, or release of confidential or sensitive information. Risk exposure is defined by multiplying all three factors (Vulnerability x Exposure x Consequences). Again, complexity, possibility, and impact determine priority.
SOC/Cybersecurity conducts Risk Analysis to Protect/Prevent - Correct Answer- Analysis helps determine how to protect devices, networks, information, people, and other assets. The goal is to minimize damage to the organization (reputation, finance, physical assets).
Three types of Risk Analysis - Correct Answer- Qualitative (ranking, generalizations, estimations); Quantitative ($$ or ## stats); Semi-quantitative (hybrid). Sometimes the value is greater than the numbers ($$-##).
Qualitative Analysis - Correct Answer- Qualitative analysis methods use descriptions and words to measure, rather than numbers and amounts. Terms like High, Medium, Low, or ranking scales such as 1-10, reflect the likelihood and impact of a risk.
Quantitative Analysis - Correct Answer- Quantitative analysis is based entirely on numeric values (raw data), taken from historical averages/numbers. Use caution, as a risk may not be quantifiable using strictly numbers.
Semi-quantitative Analysis - Correct Answer- Semi-quantitative (hybrid) analysis exists because a purely quantitative assessment is sometimes impossible. An example is reputation, which is speculative.
Understanding various types of Risk in an organization - Correct Answer- Legal, physical (assets), financial, operations (services), infrastructure, intellectual property, health, and reputation of a company/organization
Security Standards and Frameworks (various organizations) - Correct Answer- NIST, FISMA, RMF, COBIT, ITAF, ISO/IEC 27000 series, Information Security Forum (ISF), RFC 2196, Center for Internet Security (CIS)
National Institute of Standards and Technology (NIST) - Correct Answer- NIST is a non-regulatory US government agency. It provides a unified framework, offers guidance for managing risk, and seeks to adopt best practices in cybersecurity. The framework consists of the CORE (activities/outcomes), PROFILE (outcomes for the organization), and TIERS (how risk management aligns with the Cybersecurity Framework characteristics).
NIST SP 800-61 - Correct Answer- Computer Security Incident Handling Guide (Cybersecurity).