Wednesday, March 11, 2009

CISSP Concept study 3

76 What is single loss expectancy, and how is it calculated?

The cost associated with a single realized risk against a specific asset.

SLE = asset value (AV) × exposure factor (EF). The SLE is expressed in a dollar value.


77 What is annualized loss expectancy, and how is it calculated?

The possible yearly cost of all instances of a specific realized threat against a specific asset.

ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO)



78 What are the basic distinctions between qualitative and quantitative risk analysis?

Quantitative risk analysis assigns real dollar figures to the loss of an asset.

Qualitative risk analysis assigns subjective and intangible value to the loss of an asset.



79 What are the four possible responses by upper/senior management to risk?

Reduce/mitigate, assign/transfer, accept, or reject/deny




80 What is total risk?

The amount of risk an organization would face if no safeguards were implemented.

A formula for total risk is threats × vulnerabilities × asset value = total risk.



81 What is the control gap?

The difference between total risk and residual risk.

The controls gap is the amount of risk that is reduced by implementing safeguards.



83 What are the three learning levels of security?

Awareness, training, and education



84 What are the three types of plans employed in security management planning?

A strategic plan is a long-term plan that is fairly stable.

The tactical plan is a midterm plan that provides more details. Operational plans are short-term and highly detailed.



85 How many primary keys may each database table have?

One



86 What type of malicious code spreads through the sharing of infected media?

Viruses





87 What term is used to describe intelligent code objects that perform actions on behalf of a user?

Agent


88 What term is used to describe code sent by a server to a client for execution on the client machine?

Applet


89 What language by Sun Microsystems is often used for applet programming and development?

Java


90 What type of database key enforces relationships between tables?

Foreign key




91 What security principle ensures that multiple records are created in a database table for viewing at different security levels?

Polyinstantiation



92 What process evaluates the technical and nontechnical security features of an IT system?

Certification and accreditation



93 What type of accreditation evaluates the systems and applications at a specific self-contained location?

Site accreditation



94 In which phase of the software capability maturity model do you often find hard-working people charging ahead in a disorganized fashion?

Initial



95 In which layer of the ring protection scheme do user applications reside?

Layer 3


96 What system mode requires that the system process only one classification level at a time and all system users have clearance and need to know that information?

Dedicated security mode



97 What is another term for the master boot record?

Boot sector


98 What type of virus embeds itself in application documents?

Macro virus


99 What can antivirus programs do when they encounter a virus infection?

Delete the file, disinfect the file, or quarantine the file.



100 What type of virus modifies itself each time it infects a new system in an attempt to avoid detection?

Polymorphic virus
