CYBERSECURITY ANALYST (CSA+) - PRACTICE TEST QUESTIONS WITH CORRECT ANSWERS
Mark is attempting to evaluate the potential impact of a firewall breach at his company. He is only looking at the relationship between the threats, vulnerabilities, and controls to evaluate the impact of a hypothetical breach. What type of approach to risk analysis is this?
CORRECT ANSWER: Qualitative
Mark is using the qualitative approach, which uses descriptions and words to measure the likelihood and impact of a risk. Examining the relationships between threats, vulnerabilities, and controls without quantitative measurements is a qualitative approach. Because some aspects of security can be difficult to measure, the qualitative approach is commonly used.

If the SLE of a risk is $25,000 and the ARO is once every four years, then what will be the ALE?
CORRECT ANSWER: $6,250
The ALE (annual loss expectancy) value is calculated by multiplying an SLE by its ARO to determine the financial magnitude of a risk on an annual basis.
ALE (annual loss expectancy) = SLE (single loss expectancy) × ARO (annual rate of occurrence)
If the SLE of a risk is $25,000 and the ARO is once every four years, then the ALE is $6,250 ($25,000 × 0.25).

Rose, a security administrator, implements screen savers that lock the PC after five minutes of inactivity to help prevent unauthorized access to the PC. Which of the following controls is being described in this situation?
CORRECT ANSWER: Technical
The controls described in this scenario, such as preventing unauthorized access to PCs and applying screen savers that lock the PC after five minutes of inactivity, are a type of technical control. Technical controls, also called logical controls, are hardware or software installations implemented to monitor and prevent threats and attacks to computer systems and services. They also include controls such as identification and authentication, access control, audit and accountability, as well as system and communication protection.

Rosy wants to implement a security control to monitor and prevent threats and attacks to computer systems and services. Which of the following security controls should she implement to accomplish the task?
CORRECT ANSWER: Technical
Rosy should implement technical controls to accomplish the task. Technical controls, also called logical controls, are hardware or software installations implemented to monitor and prevent threats and attacks to computer systems and services.
Written for
- Institution: CYBERSECURITY ANALYST
- Course: CYBERSECURITY ANALYST
Document information
- Uploaded on: December 31, 2022
- Number of pages: 48
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers