SY0-601 SEC+ Risk Management, Privacy, & Sensitive Data Security Exam Study Guide
Match the type of risk treatment or handling with the proper description. - answer
Mitigation - Implement safeguards that will reduce risk
Transference - Pass the risk to a third-party
Acceptance - Do not implement any safeguards
Avoidance - Choose not to undertake actions that introduce risk
What is the amount of time available to recover a resource, service, or function? - answer RTO
Which of these has the role of the keeper of information from a technical standpoint such as maintaining confidentiality, integrity, and availability? - answer Custodian
According to GDPR, what is a public document provided by an organization that explains how they will process personal data and how the organization applies data protection principles? - answer Privacy notice
Which of these is considered a primary or secondary loss from a data breach? - answer
Response
Reputation
Productivity
Replacement
Fill in the blank with the proper value: ALE = ________ x ARO - answer SLE
Which of these represents an attribute of a structured attack? - answer Organization
Planned
Persistent
Multi-phased
What data privacy enhancement removes directly identifying elements in raw data and replaces it with randomly generated pseudonyms? - answer Tokenization
What data designation refers to information that, though unclassified, often requires strict controls over its distribution? - answer Secret but unclassified
Which of these disasters would be considered environmental? - answer Landslide