CompTIA Security+ (SY0-501) Multiple Choice Questions 2022 | 240 Questions with 100% Correct Answers

Document Content and Description Below

You're the chief security contact for MTS. One of your Primary tasks is to document everything related to security and create a manual that can be used to manage the company in your absence. Which d... ocuments should be referenced in your manual as the ones that identify the methods used to accomplish a given task? A. Policies B. Standards C. Guidelines D. BIA - ✔✔C. Guidelines help clarify processes to maintain standards. Guidelines tend to be less formal than policies or standards. Consider the following scenario: The asset value of your company's primary servers is $2 million. Tornadoes in this part of the country are not uncommon, and it is estimated that one will level the building every 60 years. Which of the following is the SLE for the scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67 - ✔✔A. SLE = Single Lost Expectancy so just the one item. Refer to the scenario in question 2. Which of the following amounts is the ALE for this scenario? A. $2 million B. $1 million C. $500,000 D. $33,333.33 E. $16,666.67 - ✔✔D. ALE (annual loss expectancy) is equal to the SLE times the annualized rate of occurrence. In this case, the SLE is $2 million and the ARO is 1/60. Refer to the scenario in question 2. Which of the following amounts is the ARO for this scenario? A. 0.0167 B. 1 C. 5 D. 16.7 E. 60 - ✔✔A. ARO (annualized rate of occurrence) is the frequency (in number of years) that an event can be expected to happen. In this case, ARO is 1/60, or 0.0167.Which of the following strategies involves identifying a risk and making the decisions to discontinue engaging in the action? A. Risk acceptance B. Risk avoidance C. Risk deterrence D. Risk mitigation E. Risk transference - ✔✔B. Risk avoidance involves identifying a risk and making the decision to no longer engage in the actions associated with that risk. Which of the following policy statements may include an escalation contact in the event that the person dealing with the situation needs to know who to contact? A. Scope B. Exception C. Overview D. Accountability - ✔✔B. The exception policy statement may include an escalation contact in the event that the person dealing with with a situation needs to know whom to contact. Which of the following policies are designed to reduce the risk of fraud and prevent other losses in the organization? A. Separation of duties B. Acceptable use C. Least privilege D. Physical access control - ✔✔A. A separation of duties policy is designed to reduce the risk of fraud and to prevent other losses in an organization. What is the term used for events that were mistakenly flagged although they weren't truly events about which to be concerned? [Show More]

Last updated: 1 year ago

Preview 1 out of 47 pages