Can any one help with the quiz

QUESTION 1

Which is not an approach for prioritizing threats?

	a.	Wait and see
	b.	Change detection
	c.	Easy fixes first
	d.	FAIR

5.00000 points

QUESTION 2

Which of the following is considered a short coming of FAIR?

	a.	FAIR is used to derive and articulate risk
	b.	The asset and attacker-centricity of FAIR
	c.	FAIR defines risk as a function of loss
	d.	FAIR estimates worst-case loss

5.00000 points

QUESTION 3

Which is a factor to consider when deciding to mitigate or accept risk?

	a.	Information being collected and stored
	b.	Users of the system
	c.	Fitness for purpose
	d.	All of the above

5.00000 points

QUESTION 4

Which is a valid test of a threat mitigation?

	a.	Test of the mitigation
	b.	Test of the mitigation bypass
	c.	B but not A
	d.	Both A and B

5.00000 points

QUESTION 5

Software produced for sale should minimize:

	a.	License costs
	b.	Database connections
	c.	Acceptance of risks
	d.	Communication of threat model

5.00000 points

QUESTION 6

Which is a valid form of monitoring for the emergence of threats?

	a.	Change detection
	b.	Impact detection
	c.	Auto detection
	d.	Both A and B

5.00000 points

QUESTION 7

Which is a valid form of standard mitigation technology?

	a.	Platform provided controls
	b.	Operational controls
	c.	Both A and B
	d.	A but not B

5.00000 points

QUESTION 8

Which is a valid method for using design to eliminate risk?

	a.	FAIR
	b.	Comparative method
	c.	Integrated method
	d.	Both B and C

5.00000 points

QUESTION 9

Adding more code to a system can:

	a.	Eliminate the source of security vulnerabilities
	b.	Not address the source of security vulnerabilities
	c.	Expand the source of security vulnerabilities
	d.	A, B and C

5.00000 points

QUESTION 10

A threat tracking method that features thresholds for threat severity is a:

	a.	Threshold proximinator
	b.	Bug BI
	c.	Both A and B
	d.	Bug bar