Question $15(1$ point$)$

Rodrigo is a security professional. He is creating a policy that gives his organization control over mobile devices used by employees while giving them some options as to the type of device they will use. Which approach to mobile devices is Rodrigo focusing on in the policy?

Question $15$ options:

Choose Your Own Device $($CYOD$)$

Bring Your Own Device $($BYOD$)$

Company$-$owned$/$personally enabled $($COPE$)$

Company$-$owned business$-$only $($COBO$)$

Question $16(1$ point$)$

Adam is evaluating the security of a web server before it goes live. He believes that an issue in the code allows a cross$-$site scripting attack against the server. What term describes the issue that Adam discovered?

Question $16$ options:

Threat

Vulnerability

Risk

Impact

Question $17(1$ point$)$

Which term describes an action that can damage or compromise an asset?

Question $17$ options:

Risk

Vulnerability

Countermeasure

Threat

Question $18(1$ point$)$

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a $1$ percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $$2$ million in damage to the facility, which has a $$10$ million value. Given this scenario, what is the exposure factor $($EF$)?$

Question $18$ options:

$1$ percent

$10$ percent

$20$ percent

$50$ percent

Question $19(1$ point$)$

Saved

Maria is the risk manager for a large organization and is evaluating whether the organization should purchase a fire suppression system. She consulted a variety of subject matter experts and determined that there is a $1$ percent chance that a fire will occur in a given year. If a fire occurred, it would likely cause $$2$ million in damage to the facility, which has a $$10$ million value. Given this scenario, what is the annualized loss expectancy $($ALE$)?$

Question $19$ options:

$$2,000$

$$20,000$

$$200,000$

$$2,000,000$

Question $20(1$ point$)$

Aditya is the security manager for a mid$-$sized business. The company has suffered several serious data losses when laptops were stolen. Aditya decides to implement full disk encryption on all laptops. What risk response did Aditya take?

Question $20$ options:

Reduce

Transfer

Accept

Avoid

Question $21(1$ point$)$

What term describes the risk that exists after an organization has performed all planned countermeasures and controls?

Question $21$ options:

Total risk

Qualitative risk

Exposure

Residual risk

Question $22(1$ point$)$

Violet deploys an intrusion prevention system $($IPS$)$ on her network as a security control. What type of control has Violet deployed?

Question $22$ options:

Detective

Preventive

Corrective

Deterrent

Question $23(1$ point$)$

Forensics and incident response are examples of $\_\_\_\_\_\_\_\_\_\_$ controls.

Question $23$ options:

detective

preventive

corrective

deterrent