Sec+ 701 Domain 5 Quiz

Plan we use to respond to natural disasters.

Plan we use to respond to someone attacking us.

Document that an employee signs before touching any IT asset at our company.

A step-by-step guide that shows us how to respond to specific incidents.

Plan we use to ensure we maintain operational availability.

A policy that ensures we train employees across multiple positions - helping us detect fraud.

An organization that provides standards for basic security hygiene.

A process that we use in our organization to implement modifications to processes and procedures.

A policy that ensures all employees only get the accesses and permissions they need to do their job.

A policy that detects and prevents fraud by splitting up duties in sensitive processes.

Process we use to properly create software.

Analysis performed on code while a program is running.

Analysis performed on code at a stand-still.

Software model that can go forward and backward.

Software model that can only go forward.

Code in a program that does not execute when the program runs.

A software tool that will track changes and revisions in a software version.

A place where we can store different versions of our code.

A tool we use to inject random input into a program for testing.

A process that allows us to integrate and deploy code faster.

Standard that requires a company to handle PII data in a private manner.

The "Right to be forgotten" law that observes the privacy of a persons right to be removed from the internet.

Supporting document that provides security controls to help set up an ISMS.

Law that requires a company to handle credit card/debit card data in secure way.

Requires a company to set up an ISMS if they deal with infosec.

The most common result of noncompliance.

The biggest concern of noncompliance.

The requirement for a company to conduct their own research on applicable laws and regulations.

Term that tells a company they must adhere to laws int he geographical area in which it operates.

A term that defines a length of time in which a government entity has directed we must keep data for.

Person in company responsible for making sure our data policies meet regulatory law.

Person in a company responsible for creating policies about how we handle data.

Department in company that maintains the infrastructure that houses any data.

Person in company who directly handles the data and enforces data policy.

Person in company who keeps a complete inventory of all data.

The total amount of risk a company is able to take on.

A type of risk assessment that assigns a monetary value to risks.

A record that identifies and tracks all known risks in a company.

The amount of risk a company decides to take on,

The process of going through and finding all known risks in an organization.

Risk mitigation strategy that attempts to remove risk by not taking an action.

Risk mitigation strategy that requires a company to take on the remaining risk.

The process of taking inherent risk and mitigating it to residual risk.

Risk mitigation strategy that attempts to remove risk by giving part of it to a third party.

Risk mitigation strategy that attempts to remove risk by implementing a security control.

The % of the asset value that will decrease when an event occurs.

The estimation of occurrences per year for a risk event.

A formula we use to assign a monetary value to a risk event occurring.

The accumulated costs of all events that occurred in one year.

The cost of one event occurring.