This chapter is from the book

Exam Prep Questions

  1. Which of the following levels represent the military classification system?

    1. Confidential, private, sensitive, and public

    2. Top secret, secret, private, sensitive, and public

    3. Top secret, confidential, private, sensitive, and unclassified

    4. Top secret, secret, confidential, sensitive, and unclassified

  2. This method of handling risk works by using a third party to absorb a portion of the risk.

    1. Risk reduction

    2. Risk transference

    3. Risk acceptance

    4. Risk rejection

  3. You have been asked to calculate the annualized loss expectancy (ALE) for the following variables:

    Single loss expectancy = $25

    Exposure factor = .9

    Annualized rate of occurrence = .4

    Residual risk = $30

    1. $9.00

    2. $22.50

    3. $10.00

    4. $14.27

  4. Place the following formulas in order:

    1. ALE, residual risk, SLE, ARO

    2. ALE, ARO, SLE, residual risk

    3. ARO, SLE, ALE, residual risk

    4. SLE, ARO, ALE, residual risk

  5. The downside of performing this type of assessment is that you are not working with dollar values, so it is sometimes harder to communicate the results of the assessment to management.

    1. Qualitative

    2. Quantitative

    3. Numeric mitigation

    4. Red team

  6. This category of control can include the logical mechanisms used to control access and authenticate users.

    1. Administrative

    2. Clerical

    3. Technical

    4. Physical

  7. Which of the following formulas represents total risk?

    1. Risk X Vulnerability X Asset value = Total risk

    2. Threat X Vulnerability X Asset value = Total risk

    3. Risk X Value/Countermeasure = Total risk

    4. Threat - Vulnerability/Asset value = Total risk

  8. Which of the following is a flaw, loophole, oversight, or error that makes an organization susceptible to attack or damage?

    1. Risk

    2. Vulnerability

    3. Threat

    4. Exploit

  9. This is the most specific of security documents.

    1. Procedures

    2. Standards

    3. Policies

    4. Baselines

  10. The last thing you want in an organization is that everyone is accountable but no one is responsible. Therefore, the data owner should be which of the following groups?

    1. End users.

    2. Technical managers.

    3. Senior management.

    4. Everyone is responsible; therefore, all groups are owners.
