Question
Which of the following is the formula used to calculate the risk that remains after you apply controls? a. ALE=SLExARO b. Risk=Threat X Vulnerability c.
Which of the following is the formula used to calculate the risk that remains after you apply controls?
| a. | ALE=SLExARO | |
| b. | Risk=Threat X Vulnerability | |
| c. | Total Risk=Thrat X Vulnerability X Assest Value | |
| d. | Residual Risk = Total Risk - Controls |
8.00000 points
QUESTION 2
A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as
| a. | Transfer | |
| b. | Avoidance | |
| c. | Acceptance | |
| d. | Mitigation |
8.00000 points
QUESTION 3
Which of the following is not a source that would be used to assess an organziations vulnerabilities?
| a. | System Logs | |
| b. | Audits | |
| c. | Prior events | |
| d. | Acutuary tables |
8.00000 points
QUESTION 4
Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?
| a. | EF | |
| b. | ARO | |
| c. | ALE | |
| d. | SLE |
8.00000 points
QUESTION 5
A weak password, or a firewall that has been improperly configured, is considered a/an:
| a. | vulnerability | |
| b. | risk | |
| c. | exploit | |
| d. | threat |
8.00000 points
QUESTION 6
Which of the following is not a U.S. Government risk management initiative or program?
| a. | MITREs CVE List | |
| b. | ITIL | |
| c. | US-CERT | |
| d. | DHS NCCIC |
8.00000 points
QUESTION 7
What are valid contents of a risk management plan?
| a. | Scope | |
| b. | Recommendations | |
| c. | POA&M | |
| d. | All of the above | |
| e. | Objectives |
8.00000 points
QUESTION 8
You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?
| a. | Spend $25,000 on cyber insurance to transfer the risk | |
| b. | Spend the $50,000 to mitigate the risk | |
| c. | Accept the risk, | |
| d. | Spend whatever it takes to ensure that this data is safe. |
8.00000 points
QUESTION 9
The possibility that a negative event will occur is known as a/an:
| a. | vulnerablity | |
| b. | exploit | |
| c. | threat | |
| d. | risk |
8.00000 points
QUESTION 10
Which of the following is an example of an intangible asset?
| a. | Sales database | |
| b. | Good will or the branding that is associated with a well-liked product | |
| c. | Server software | |
| d. | Server hardware |
8.00000 points
QUESTION 11
The area inside the firewall is considered to be the
| a. | LAN Domain | |
| b. | User Domain | |
| c. | Workstation Domain | |
| d. | Secured Domain |
8.00000 points
QUESTION 12
If a hacker hacks in to a hospital and changes a patients blood type on his patient healthcare record, which of the following security services was the one that was principally violated?
| a. | Integrity | |
| b. | Availability | |
| c. | Confidentiality | |
| d. | Authentication |
8.00000 points
QUESTION 13
A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.
| a. | Acceptable Use | |
| b. | Job Rotation | |
| c. | Need to Know | |
| d. | Separation of Duties |
8.00000 points
QUESTION 14
NISTs Special Publication 800-30 describes what
| a. | A framework of good practices | |
| b. | Maturity levels associated with CMMI | |
| c. | How to perform a risk assessment | |
| d. | Certification and accreditation practices |
8.00000 points
QUESTION 15
This regulation applies to how institutions handle the privacy of your student records at the University.
| a. | HIPAA | |
| b. | CIPA | |
| c. | GLBA | |
| d. | FERPA |
8.00000 points
QUESTION 16
This Act applies to security and privacy expectations of healthcare organizations.
| a. | FERPA | |
| b. | HIPAA | |
| c. | GLBA | |
| d. | FISMA |
8.00000 points
QUESTION 17
Which of the following is not considered a method by which we would harden a server againsts attacks?
| a. | Reverse engineer a patch to look for vulnerabilities | |
| b. | Enable a firewall | |
| c. | Change default passwords | |
| d. | Remove unused services |
8.00000 points
QUESTION 18
This Act applies to financial oganizations
| a. | GLBA | |
| b. | FISMA | |
| c. | Sabanes-Oxley (SOX) | |
| d. | FERPA |
8.00000 points
QUESTION 19
A document used to track the progress of remediating identified risk.
| a. | Vulnerability Assessment | |
| b. | Risk Profile | |
| c. | Risk Assessment | |
| d. | POA&M |
8.00000 points
QUESTION 20
A method that shows a list of project tasks that must be completed on time so that the project is not delayed.
| a. | Gannt Chart | |
| b. | Risk Management Plan | |
| c. | Milestone Plan Chart | |
| d. | Critical Path Chart |
8.00000 points
QUESTION 21
Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?
Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Advances In Spatial And Temporal Databases 10th International Symposium Sstd 2007 Boston Ma Usa July 2007 Proceedings Lncs 4605
Authors: Dimitris Papadias ,Donghui Zhang ,George Kollios
2007th Edition
3540735399, 978-3540735397
