Name the three (3) categories of control types ANS: 1. technical
2. Management
3. Operational
How do you calculate risk? ANS: qualitatively (subjective)
quantitatively (objective)
______ risk calculations assign dollar amounts and the basic formula is ______ ANS: Quantitative / SLE x
ARO + ALE
Define SLE ANS: Single Loss Expectancy
Define ARO ANS: annualized rate of occurrence
Define ALE ANS: annual loss expectancy
The approach to risk that involves not engaging in that activity is? ANS: avoidance
The approach to risk that makes you THINK INSURANCE is? ANS: transference
The approach to risk that involves taking steps to reduce the risk is? ANS: mitigation
The approach to risk that involves living with the risk is? ANS: acceptance
The process of implementing and maintaining a secure network must first be addressed from a ______,
_______ and _______ perspective. ANS: policies, standards and guidelines
______ and ____ set a standard of expectation in an organization ANS: policies and guidelines
____ tell people what is expected ANS: standards
_____ provide specific advice on how to accomplish a given task or activity ANS: guidelines
RAID stands for ANS: redundant array of independent disks
RAID level ___ does not include any fault tolerance ANS: RAID Level 0
RAID Level __ can be implemented as mirroring or duplexing. ANS: RAID Level 1
In RAID Level 1 what is the difference between mirroring and duplexing? ANS: duplexing includes
multiple controllers
RAID Level __ is known as disk striping with parity ANS: RAID Level 5
You are the chief security contact for MTS. One of your primary tasks is to document everything related
to security and to create a manual that can be used to manage the company in your absence. Which
documents should be referenced in your manual as the ones that identify the methods used to
accomplish a given task?
a. Policies
b. Standards
c. Guidelines
d. BIA ANS: Guidelines
The asset value of your company's primary servers is $2 Million, they are housed in a single office
building in Anderson, Indiana. Field offices are scattered throughout the United States, but the work
stations located at the field offices serve as thin clients and access data from the Anderson Servers.
Tornados in this part of the country are not uncommon, and it is estimated that one will level the
building every 60 years. Which of the following is a SLE for this scenario?
a. $2 million
b. $1 million
c. $500,000
d. $33,333.33
e. $16,666.67 ANS: a.
The asset value of your company's primary servers is $2 Million, they are housed in a single office
building in Anderson, Indiana. Field offices are scattered throughout the United States, but the work
stations located at the field offices serve as thin clients and access data from the Anderson Servers.
Tornados in this part of the country are not uncommon, and it is estimated that one will level the
building every 60 years. Which of the following amounts is the ALE for this scenario?
a. $2 million
b. $1 million
c. $500,000
d. $33,333.33
e. $16,666.67 ANS: d
The asset value of your company's primary servers is $2 Million, they are housed in a single office
building in Anderson, Indiana. Field offices are scattered throughout the United States, but the work
stations located at the field offices serve as thin clients and access data from the Anderson Servers.
Tornados in this part of the country are not uncommon, and it is estimated that one will level the
building every 60 years. Which of the following is the ARO for this scenario?
a. 0.0167
b. 1
c. 5
d. 16.7
e. 60 ANS: a.
Which of the following strategies involves identifying a risk and making the decision to discontinue
engaging in the action?
a. risk acceptance
b. risk avoidance
c. risk mitigation
d. risk transference ANS: b.
Which of the following policy statements may include an escalation contact in the event that the person
dealing with a situation needs to know who to contact?
a. scope
b. exception
c. overview
d. accountability ANS: b.
Which of the following policies are designed to reduce the risk of fraud and prevent other losses in an
organization?
a. Separation of Duties
b. Acceptable use
c. Least Privilege
d. Physical access control ANS: a.