Risk Numbers
Business Impact
3rd Party Risk
Reg/Standards
Exploitation Frameworks
Risk Types
100

What is Asset Value?

Asset Value is not always a set number; there are also other factors.

100

What is (DRP) and how is it related to Business Continuity?

What is a Disaster recovery plan (DRP)

100

What is a (NDA)?

What is a Nondisclosure Agreement (NDA)

100

What is the GDPR?

What is the General Data Protection Regulation (GDPR)?

100

What is Metasploit?

Metasploit is an open-source penetration testing framework used by security engineers as a penetration testing system and a development platform for creating security tools and exploits.

100

Describe Internal vs External risk types?

What is inside of the company vs outside of the company

200

What is (SLE)?

What is Single Loss Expectancy (SLE)

200

What is (MTBF)?

What is Mean time between failures (MTBF)

200

What is a (MOU)?

What is a Memorandum of understanding (MOU)?

200

What is the (PCI DSS)?

What is the Payment Card Industry Data Security Standard (PCI DSS)?

200

John the Ripper and Cain & Abel are examples of what?

What are Password hacking tools

200

What are the two Risk assessment types?

What are the two Risk assessment types
- Qualitative
- Quantitative

300

What is (ALE)?

What is Annualized loss expectancy (ALE)

300

What is (RTO)?

What is Recovery time objective (RTO)

300

What is (SLA)?

What is Service level agreement (SLA)?

300

NIST stands for what?

What is National Institute of Standards and Technology (NIST)

300

What is Burp Suite used for?

Intercepting HTTP and HTTPS traffic

300

What is a single point of failure?

A single point of failure is anything that, if removed, will cause a catastrophic occurrence. Examples: one person doing too many roles, one security point for many entry points, one essential device on a network.

400

What is (ARO)?

What is Annualized rate of occurrence (ARO)

400

What is (MTTR)?

What is Mean time to repair (MTTR)?

400

What is a (BPA)?

What is a Business partnership agreement (BPA)?

400

What does (ISO) stand for?

What is International Organization for Standardization (ISO)

400

What is Aircrack-ng?

Aircrack-ng is a complete suite of tools to assess WiFi network security

400

What is a Risk register?

A risk register is a living document used to track different types of data elements, most commonly risk factors and risk scenarios.

500

What comes next: SLE x ARO = ?

The ALE is the total cost of an item being replaced

500

What is (RPO)?

What is Recovery point objective (RPO)?

500

What is (MSA)?

What is Measurement systems analysis (MSA)?

500

What is NIST SP 800-35?

What is Guide to Information Technology Security Services

500

Name three basic types of password attacks used?

What is Dictionary, Brute force, Hybrid or Rainbow tables

500

Describe risk Acceptance, Avoidance, Mitigation, and Transference

- Acceptance: you own it.
- Avoidance: you choose not to do, or to stop doing, something.
- Transference: you give this to a third party (insurance, cloud, payroll company).
- Mitigation: you choose to set up redundancies, policies, etc.
