Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Docsity AI
Docsity AI
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search for your university

Find the specific documents for your university's exams

Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

Cyber Risk Management for Technicians, Exams of Computer Science

Harvard UniversityComputer Science

An overview of cyber risk management concepts and techniques for technicians. It covers topics such as automating host characteristic monitoring, assessing residual risk, understanding information system high water marks, network analysis tools, nist security standards, risk management frameworks, and security control assessment. The document aims to equip technicians with the knowledge and tools to effectively manage cyber risks within their organizations. It delves into key risk management principles, security control implementation, and the use of various cybersecurity tools and methodologies. By studying this document, technicians can gain a comprehensive understanding of the cyber risk landscape, enabling them to make informed decisions and implement robust security measures to protect their organization's assets and information systems.

Typology: Exams

2024/2025

Available from 10/23/2024

AcademicMinds
AcademicMinds 🇺🇸

2.3K documents

1 / 3

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
FedVTE Cyber Risk Management For
Technicians
In order to automate host characteristic monitoring you can compare baselines and
snapshots with syslog. - False
The following should be taken into account when accepting the residual risk inherent in the
project. - All of the above
What is the high water mark for an information system? - Highest Potential Impact value
assigned to each Security Objective (AIC) for all Security Categories resident on the system
and the overall classification of the system.
Which of the following describes NetScan Tools Pro? - B. A powerful command line packet
analyzer
C. A tool that provides advanced network trace routing
D. A collection of Internet information gathering and network troubleshooting utilities
FIPS 200 is: - A short document that describes the minimum security requirements for
information and information systems
Which risk comes from a failure of the controls to properly mitigate risk? - A. Inherent risk
C. Control Risk
D. All of the above
Open Source Security (OSSEC) is what? - A host based security system that monitors for
changes
What tool would be best to automatically detect your network and construct a complete
and easy to view network map? - LANsurveyor
Which NIST special publication is a guide for Applying the Risk Management Framework to
Federal Information Systems: A Security Life Cycle Approach? - NIST SP 800 37
Which of the following is a part of the Examine Method? - Inspecting the physical security
measures
If the cost of controls exceeds the benefit the organization may choose to accept the risk
instead. - True
pf3

Partial preview of the text

Download Cyber Risk Management for Technicians and more Exams Computer Science in PDF only on Docsity!

FedVTE Cyber Risk Management For

Technicians

In order to automate host characteristic monitoring you can compare baselines and snapshots with syslog. - False The following should be taken into account when accepting the residual risk inherent in the project. - All of the above What is the high water mark for an information system? - Highest Potential Impact value assigned to each Security Objective (AIC) for all Security Categories resident on the system and the overall classification of the system. Which of the following describes NetScan Tools Pro? - B. A powerful command line packet analyzer C. A tool that provides advanced network trace routing D. A collection of Internet information gathering and network troubleshooting utilities FIPS 200 is: - A short document that describes the minimum security requirements for information and information systems Which risk comes from a failure of the controls to properly mitigate risk? - A. Inherent risk C. Control Risk D. All of the above Open Source Security (OSSEC) is what? - A host based security system that monitors for changes What tool would be best to automatically detect your network and construct a complete and easy to view network map? - LANsurveyor Which NIST special publication is a guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach? - NIST SP 800 37 Which of the following is a part of the Examine Method? - Inspecting the physical security measures If the cost of controls exceeds the benefit the organization may choose to accept the risk instead. - True

Which of the following families of controls belongs to the technical class of controls? - Identification and Authentication Which tier of Risk Management is associated with Enterprise Architecture? - Tier 2 Mission (Business Process) In NIST SP 800 53 the security control structure consists of all the following components except for: - All of these are in the security control structure:

  • Priority and baseline allocation
  • Supplemental guidance
  • Control enhancements Kismet is different from a normal network sniffer such as Wireshark or tcpdump because it separates and identifies different wireless networks in the area. - True What is the order of the Change Control Process? - A. Request : Approval : Build : Impact Assessment : If successful Implement B. Request : Impact Assessment : Approval : Build and or Test : Implement D. Request : Impact Assessment : Build and or Test : Approval : Implement The threat source is highly motivated and sufficiently capable and controls to prevent the vulnerability from being exercised are ineffective. Which likelihood rating does this describe? - High Which of the following is not part of the process for assessing security controls according to NIST SP 800 53A 1? - A. Study C. Conduct D. Analyze Which step of a risk assessment uses the history of system attacks? - Step 2: Threat Identification In risk management people and information and technology are examples of? - Assets What type of analysis involves using scales to suit circumstances and allows for quick identification of potential risks as well as vulnerable assets and resources? - B. Audit Analysis C. Qualitative Analysis D. Cost/benefit analysis