Compliance (Answered) 95 Q&A. 100% Correct, Updated fall 2024/2025.
risk assessment
identifies and prioritizes risk
threat
a force or actor (usually external) that could jeopardize security
threat vector
the specific methods that threats/attackers use to exploit a vulnerability
vulnerability
weakness in security controls
risk
the combination of a vulnerability and a corresponding threat able to exploit it
likelihood and impact
Prioritize risks by ____ and ______
Qualitative risk assessment
Uses subjective ratings to evaluate risk likelihood and impact
Quantitative Risk Assessment
Uses objective numeric ratings to evaluate risk likelihood and impact
asset value (AV)
dollar value of an asset
-original cost, depreciated cost, replacement cost
exposure factor (EF)
expected percentage of an asset's value lost in a single occurrence of a risk
Single loss expectancy (SLE)
Expected dollar loss if a risk occurs one time
SLE = AV * EF
Annualized Rate of Occurrence (ARO)
the number of times a risk is expected to occur in a year
Annualized Loss Expectancy (ALE)
Expected dollar loss from a risk in any given year
ALE = SLE * ARO
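The AV, EF, SLE, ARO and ALE definitions above, worked through in code. This is an added example, not part of the original study set; the three risks, their dollar figures and the control cost are constructed (hypothetical) inputs. It goes one step beyond the cards by also using ALE for the standard control cost/benefit check (ALE before minus ALE after minus annual cost of the control):

```python
"""Quantitative risk assessment worked through in code.

Added example; not part of the original study set. The asset values,
exposure factors and AROs below are constructed (hypothetical) figures.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # AV: dollar value of the asset
    exposure_factor: float  # EF: fraction of AV lost in one occurrence (0.0 - 1.0)
    aro: float              # ARO: expected occurrences per year

    def __post_init__(self) -> None:
        # EF is a percentage expressed as a fraction; anything outside 0..1 is a data error.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: exposure factor must be between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError(f"{self.name}: asset value and ARO cannot be negative")

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF (dollar loss from one occurrence)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO (expected dollar loss per year)."""
        return self.sle() * self.aro


# Constructed sample register: three risks with very different likelihood/impact profiles.
SAMPLE_RISKS = [
    Risk("ransomware on file server", asset_value=500_000, exposure_factor=0.60, aro=0.5),
    Risk("laptop theft", asset_value=2_000, exposure_factor=1.00, aro=4.0),
    Risk("datacenter flood", asset_value=2_000_000, exposure_factor=0.25, aro=0.02),
]


def prioritize(risks: list[Risk]) -> list[Risk]:
    """Rank risks by ALE, i.e. by likelihood (ARO) and impact (SLE) combined.

    Ranking by SLE alone would put the flood first (largest single loss);
    ranking by ARO alone would put laptop theft first (most frequent).
    """
    return sorted(risks, key=lambda r: r.ale(), reverse=True)


def safeguard_net_value(risk: Risk, annual_cost: float,
                        residual_aro: float, residual_ef: float | None = None) -> float:
    """Annual value of a control: ALE before - ALE after - annual cost of the control.

    This goes beyond the study set's definitions: it is the usual cost/benefit
    use of ALE, with the residual ARO/EF after the control as assumed inputs.
    """
    ef = risk.exposure_factor if residual_ef is None else residual_ef
    residual = Risk(risk.name, risk.asset_value, ef, residual_aro)
    return risk.ale() - residual.ale() - annual_cost


if __name__ == "__main__":
    for r in prioritize(SAMPLE_RISKS):
        print(f"{r.name:28s} SLE=${r.sle():>12,.0f} ARO={r.aro:<5} ALE=${r.ale():>12,.0f}")
    # Hypothetical control: $40,000/yr endpoint protection cuts ransomware ARO from 0.5 to 0.1.
    print("net value of control:", safeguard_net_value(SAMPLE_RISKS[0], 40_000, residual_aro=0.1))
```

With these constructed numbers the flood has the largest SLE ($500,000) but ranks below ransomware once ARO is applied (ALE $10,000 vs $150,000), which is why the cards say to prioritize by likelihood and impact together rather than by either alone. A control whose net value comes out negative costs more per year than the loss it prevents.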
Mean time to failure (MTTF)
average time a nonrepairable component will last
Mean time between failures (MTBF)
average time gap between failures of a repairable component
Mean Time to Repair (MTTR)
Average time required to return a repairable component to service.
internal risk
risk type
arise from within an organization
external risk
risk type
outside the organization
multiparty risks
risk type
shared across many organizations
legacy risks
arise from unsupportable systems
intellectual property theft
______ poses a risk to knowledge based organizations
software license compliance
_____ issues create the risk of fines and legal action
data classification policies
Assign information into categories, known as classifications, that determine storage, handling and access requirements
-assigned based on the sensitivity and criticality of the information
Top secret
secret