Sec+ Domain 5

Questions and answers from the Security+ exam's Security Program Management and Oversight domain (Domain 5).

Question / Answer
What is an Acceptable Use Policy (AUP)? A policy that defines acceptable use of company resources
What are the four main risk management strategies? Transfer, Accept, Avoid, Mitigate
What is the difference between RTO and RPO? RTO is Recovery Time Objective (maximum acceptable downtime); RPO is Recovery Point Objective (maximum acceptable data loss)
What is a Service-Level Agreement (SLA)? A contract that defines service expectations and metrics between a service provider and customer
What is the difference between MOA and MOU? MOA (Memorandum of Agreement) is a formal agreement between parties; MOU (Memorandum of Understanding) is a less formal understanding of cooperation
What is the purpose of a Non-Disclosure Agreement (NDA)? To protect confidential information shared between parties
What is the difference between a data controller and a data processor? Controller determines how and why data is processed; Processor processes data on behalf of controllers
What are the consequences of non-compliance? Fines, Sanctions, Reputational damage, Loss of license, Contractual impacts
What is attestation? A formal declaration of compliance
What is the difference between internal and external audits? Internal audits are conducted by the organization itself; External audits are conducted by outside entities
What are the types of penetration testing environments? Known environment, Partially known environment, Unknown environment
What is the difference between passive and active reconnaissance? Passive reconnaissance gathers information without direct interaction; Active reconnaissance directly probes target systems
What is a phishing campaign? Simulated phishing attacks to test employee awareness and response
What is Single Loss Expectancy (SLE)? The monetary cost of a single loss event, calculated as asset value × exposure factor (SLE = AV × EF)
What is Annualized Loss Expectancy (ALE)? Expected yearly loss from a risk (SLE × ARO)
What is Annualized Rate of Occurrence (ARO)? Expected frequency of a loss event per year
What is the purpose of a risk register? To document identified risks, their assessment, and management strategies
What are the three types of risk appetite? Expansionary, Conservative, Neutral
What is the right-to-audit clause? A contractual provision allowing an organization to audit a vendor's security practices
What is the difference between exemption and exception in risk acceptance? An exception is a time-bound, approved deviation from a requirement that is expected to be remediated later; an exemption formally releases a system or process from the requirement (typically because it does not apply or cannot reasonably be met). Both are documented, approved forms of risk acceptance
What is MTTR? Mean Time To Repair (or Recover) - average time to restore functionality after a failure
What is MTBF? Mean Time Between Failures - average time between system failures
What are the main types of risk assessment? Ad hoc, Recurring, One-time, Continuous
What is qualitative risk analysis? Subjective assessment using categories like High, Medium, Low
What is quantitative risk analysis? Numerical assessment of risk using metrics like SLE, ALE, ARO
What is the purpose of a Business Impact Analysis? To determine the potential effects of disruption to critical business operations
What is due diligence in vendor selection? Thorough investigation of a vendor before engagement
What is a Master Service Agreement (MSA)? An overarching agreement that covers multiple services or projects
What is a Statement of Work (SOW)? A document that defines specific deliverables, timelines, and requirements for a project
What is a Business Partners Agreement (BPA)? An agreement that defines the terms of a business relationship between partners
What are the main components of security governance? Guidelines, Policies, Standards, Procedures
What are the four types of security standards listed in the exam objectives? Password, Access control, Physical security, Encryption
What is the purpose of change management procedures? To ensure changes are implemented securely and with minimal disruption
What is a security playbook? A documented procedure for responding to specific security scenarios
What are the main external considerations for security governance? Regulatory, Legal, Industry, Geographic (Local/regional, National, Global)
What are the main roles in data responsibility? Owners, Controllers, Processors, Custodians/Stewards
What is the "Right to be forgotten"? A data subject's right to have their personal data erased
What is the purpose of vendor monitoring? Ongoing assessment of vendor security posture
What is the purpose of security questionnaires? To evaluate a vendor's security controls and practices
What are rules of engagement in security testing? Defined parameters for security testing activities
What is compliance monitoring? The process of ensuring ongoing adherence to security requirements
What is the purpose of security awareness training? To educate users about security threats and proper security practices
What are the three types of anomalous behavior? Risky, Unexpected, Unintentional
What is insider threat? Security risks that originate from within the organization
What is the difference between initial and recurring security reporting? Initial establishes a baseline; Recurring monitors ongoing awareness
What is the exposure factor (EF) in risk analysis? The percentage (or fraction) of an asset's value that would be lost in a single incident; multiplied by asset value it gives the SLE
What is risk tolerance? The amount of deviation from its risk appetite an organization can withstand before it must act
What is risk appetite? The amount and type of risk an organization is willing to accept in pursuit of its objectives
What is the purpose of an audit committee? To provide oversight of audit processes
What is a self-assessment? An internal evaluation of security controls
What is the difference between offensive and defensive penetration testing? Offensive attempts to exploit vulnerabilities; Defensive tests detection and response capabilities
What is integrated penetration testing? Combining multiple testing approaches (physical, offensive, defensive)
What is situational awareness in security? The ability to identify and respond to security threats in real-time
What are the key considerations for hybrid/remote work environments? Secure connections, Device security, Physical security, Data protection
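The SLE, ALE, ARO, exposure factor, MTBF and MTTR cards above are usually tested as formulas, but in practice they live in a risk register that ranks risks and justifies controls. The following is an added worked example (not from this flashcard set or StudyStack): it builds a small register from constructed figures, computes SLE and ALE, orders risks by ALE, scores a proposed control by annual loss avoided minus its cost, and derives availability from MTBF and MTTR. The risk names, dollar amounts and control effects are invented for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Risk:
    """One quantitative risk-register entry. All figures used below are constructed sample data."""
    name: str
    asset_value: float      # AV: value of the asset in dollars
    exposure_factor: float  # EF: fraction of AV lost in one event (0.0 to 1.0)
    aro: float              # ARO: expected number of events per year

    def sle(self) -> float:
        """Single Loss Expectancy: SLE = AV x EF."""
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.name}: EF must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        if self.aro < 0:
            raise ValueError(f"{self.name}: ARO cannot be negative")
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A mitigation with its annual cost and the EF and/or ARO it is expected to leave behind."""
    name: str
    annual_cost: float
    new_ef: Optional[float] = None
    new_aro: Optional[float] = None


def apply_control(risk: Risk, control: Control) -> Risk:
    """Return the residual risk after the control is applied; factors the control does not change are kept."""
    return replace(
        risk,
        exposure_factor=risk.exposure_factor if control.new_ef is None else control.new_ef,
        aro=risk.aro if control.new_aro is None else control.new_aro,
    )


def control_value(risk: Risk, control: Control) -> float:
    """Annual value of a control = (ALE before - ALE after) - annual cost of the control.

    Positive means the control pays for itself. Negative means that on cost alone, accepting or
    transferring the risk (e.g. insurance) is cheaper; legal or contractual obligations may still
    require the control regardless of this figure.
    """
    return risk.ale() - apply_control(risk, control).ale() - control.annual_cost


def rank_by_ale(risks: list) -> list:
    """Risk names ordered from highest to lowest ALE, the usual prioritisation in a risk register."""
    return [r.name for r in sorted(risks, key=lambda r: r.ale(), reverse=True)]


def availability(mtbf_hours: float, mttr_hours: float) -> float:
    """Steady-state availability from the two reliability metrics: MTBF / (MTBF + MTTR)."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


# Constructed sample register; these are illustrative numbers, not figures from any real organisation.
REGISTER = [
    Risk("Ransomware on file server", asset_value=500_000, exposure_factor=0.60, aro=0.2),
    Risk("Laptop theft", asset_value=3_000, exposure_factor=1.00, aro=4.0),
    Risk("Web server defacement", asset_value=50_000, exposure_factor=0.10, aro=0.5),
]

# Candidate controls, keyed by the risk they address (also constructed).
CONTROLS = {
    "Ransomware on file server": Control("Offline backups + EDR", annual_cost=25_000, new_ef=0.15),
    "Laptop theft": Control("Full-disk encryption + asset tracking", annual_cost=15_000, new_ef=0.40),
}

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.name:28s} SLE=${r.sle():>10,.0f}  ALE=${r.ale():>10,.0f}")
    print("Priority order:", rank_by_ale(REGISTER))
    for r in REGISTER:
        c = CONTROLS.get(r.name)
        if c is not None:
            print(f"{c.name:40s} annual value=${control_value(r, c):>10,.0f}")
    print(f"Availability (MTBF 2000 h, MTTR 4 h): {availability(2000, 4):.4%}")
```

With these figures the ransomware control avoids $45,000 of expected annual loss for $25,000, so it is worth funding; the laptop control costs more than the $7,200 it avoids, which is exactly the situation where the register should record a decision to accept, transfer or justify the control on compliance grounds rather than on ALE alone.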
Created by: anapaulaseidel