By Fatskills Exam Guides Team
Generally, controls deter, prevent, detect, or correct. Some controls, such as anti-malware, provide more than one of those functions.
1. A computer login notification is an example of a common preventive control.
2. Compensating controls are used when a business or technological constraint exists and an alternate control is effective in the current security threat landscape.
3. SLA, BPA, MOU, and ISA are types of interoperability agreements that help mitigate risk when dealing with third parties.
4. User types require unique training and awareness. The user types include general users, privileged users, system administrators, executive users, data owners, and system owners. The latter three are in positions that are responsible for creating or managing security policies.
5. Users must be given training in the proper use of their various personal applications, including email and social media networks. This training should address any limitations or expectations regarding their use.
6. RPO designates the amount of data that will be lost or will have to be reentered due to network downtime.
7. RTO designates the amount of time that can pass before a disruption begins to seriously impede normal business operations.
8. MTBF is the average time before a product requires repair.
9. MTTF is the average time before a product fails and cannot be repaired.
10. A privacy threshold assessment determines whether systems contain personal information. A privacy impact assessment is needed for any organization that collects, uses, stores, or processes such information.
11. Risk assessment is largely a function of threat, vulnerability, and impact. It can be considered with this formula: Risk = Threat x Vulnerability x Impact.
12. Risk identification includes asset identification, risk assessment, threat identification and classification, and identification of vulnerabilities.
13. Regarding risk, qualitative measures are based on subjective values; they are less precise than quantitative measures, which rely on numbers.
14. An identified risk can be accepted, mitigated, transferred, or avoided. Purchasing insurance is a common example of transferring risk.
15. ALE equals the SLE times the ARO.
16. Change management is important because change introduces risk that can impact systems and services.
17. A DRP details considerations for backup and restoration, including secure recovery methods.
18. To be considered PII, information must be specifically associated with an individual person.
19. Data owners determine data's classification level. Data custodians implement the controls for the data.
20. Degaussing is a data disposal method that involves using a tool to reduce or remove the magnetic field of storage media.
21. Benchmarks provide guidance for creating a secure configuration posture.