Risk Analysis

Question 1

describes where a threat originates and the path it takes to reach its target.

Answer 1

Threat Vectors

Question 2

This process involves identifying potential incidents, identifying what is being protected, and determining who might exploit those weaknesses. It provides focus to a security strategy and helps avoid overlooking significant risks.

Answer 2

Threat Definition

Question 3

TYPES OF ATTACKS

viruses, worms, Trojans

Answer 3

Malicious mobile code

Question 4

TYPES OF ATTACKS

banner grabbing or packet sniffing

Answer 4

Manual Attacks

Question 5

TYPES OF ATTACKS

stealthy, targeted attacks often sponsored by hostile governments for political or financial gain.

Answer 5

Advanced Persistent Threats (APTs)

Question 6

This involves creating an inventory of items to protect and determining their value in terms of criticality to the business.

Answer 6

Asset Identification and Valuation

Question 7

____ uses actual monetary values and formulas like Annualized Loss Expectancy (ALE), which multiplies the cost of a single loss (SLE) by the expected frequency of that event per year (ARO).

Answer 7

Quantitative ANalysis

Question 8

____ is often more practical for smaller environments, focusing on assigning severity levels (such as High, Medium, or Low) to threats and assets to guide prioritization.

Answer 8

Qualitative Analysis

Question 9

Risk analysis recognizes that attackers will focus on the easiest path of entry, meaning security must be equivalent or transitive across all systems—technical and non-technical—that have access to a specific asset.

Answer 9

Weakest Link Principle

Question 10

___ is a term used to describe where a threat originates and the path it takes to reach a target.

Answer 10

Threat Vector

Question 11

SECURITY CONTROL CATEGORIES

blocking threats

Answer 11

Preventative

Question 12

SECURITY CONTROL CATEGORIES

noticing attacks

Answer 12

detective

Question 13

SECURITY CONTROL CATEGORIES

discouraging violations

Answer 13

deterrent

Question 14

SECURITY CONTROL CATEGORIES

restoring integrity

Answer 14

corrective

Question 15

SECURITY CONTROL CATEGORIES

restoring availability

Answer 15

recovery

Question 16

SECURITY CONTROL CATEGORIES

backup layers

Answer 16

Recovery

Question 17

SAMPLE THREATS VECTOR ELEMENTS

Lock

Answer 17

Preventative

Question 18

SAMPLE THREATS VECTOR ELEMENTS

Firewalls

Answer 18

Preventative

Question 19

SAMPLE THREATS VECTOR ELEMENTS

Guards on Station

Answer 19

Preventative

Question 20

SAMPLE THREATS VECTOR ELEMENTS

Cameras

Answer 20

Detective

Question 21

SAMPLE THREATS VECTOR ELEMENTS

IDS, logging, SIEM

Answer 21

Detective

Question 22

SAMPLE THREATS VECTOR ELEMENTS

Guards Patrolling

Answer 22

Detective

Question 23

SAMPLE THREATS VECTOR ELEMENTS

Signs barbed wire

Answer 23

Deterrent

Question 24

SAMPLE THREATS VECTOR ELEMENTS

Security policies

Answer 24

Deterrent

Question 25

SAMPLE THREATS VECTOR ELEMENTS Visible guards and cameras

Answer 25

Deterrent

Question 26

SAMPLE THREATS VECTOR ELEMENTS Dynamic pop up warnings

Answer 26

Deterrent

Question 27

SAMPLE THREATS VECTOR ELEMENTS HR Penalties

Answer 27

corrective

Question 28

SAMPLE THREATS VECTOR ELEMENTS Redundancy

Answer 28

Corrective

Question 29

SAMPLE THREATS VECTOR ELEMENTS backups, data replication

Answer 29

Recovery

Question 30

SAMPLE THREATS VECTOR ELEMENTS Disaster recovery plans

Answer 30

Recovery

Question 31

SAMPLE THREATS VECTOR ELEMENTS Manual Processes

Answer 31

Compensative