1. What is a chart with a plot of the various risks in an organization using colors? It will plot the impact and the likelihood of occurrence on a scale of low to high using colors such as green and red, respectively.
    A.     Risk control assessment
    B.     Risk heat map
    C.     Risk register
    D.     Risk matrix

2. Any potential danger is a/an _____.
    A.     Threat
    B.     Risk
    C.     Impact
    D.     Vulnerability

3. Last year, the webserver failed five times. Each time, the repair cost was $1,000 and the downtime cost was $2,000 in lost revenue. What is the ARO?
    A.     $3,000
    B.     5
    C.     $5,000
    D.     $15,000

4. This is when management acknowledges that certain risks exist and something must be done to mitigate the risks.
    A.     Risk awareness
    B.     Risk appetite
    C.     Risk posture
    D.     Risk control assessment

5. _____ is the magnitude of harm resulting from a risk.
    A.     Risk management
    B.     Vulnerability
    C.     Impact
    D.     Threat

6. Maximum amount of time a system is allowed to be down and the consequences are still acceptable.
    A.     MTBF
    B.     MTTR
    C.     RPO
    D.     RTO

7. Long-term power failures, chemical spills, pollution, hurricanes, floods, tornadoes, earthquakes, landslides, electrical storms, and tsunamis are examples of _____.
    A.     Environmental disasters
    B.     External disasters
    C.     Person-made disasters
    D.     Internal disasters

8. _____ is how much the asset is worth to an organization.
    A.     Vulnerability
    B.     Impact
    C.     Likelihood of occurrence
    D.     Asset value

9. Script kiddies, hacktivist, organized crime, APTs, insiders, competitors, people accidently deleting data, people’s negligence causing system outages, computer errors caused by someone clicking the wrong button are examples of _____.
    A.     Internal disasters
    B.     Environmental disasters
    C.     External disasters
    D.     Person-made disasters

10. A hospital buys new DLP (Data Loss Prevention) technology to protect the patients’ PHI (Protected Health Information). Which of the following is the hospital doing?
    A.     Avoiding the risk
    B.     Accepting the risk
    C.     Transferring the risk
    D.     Mitigating the risk