Which of the following is the formula used to calculate the risk that remains after you apply controls?
Question
Which of the following is the formula used to calculate the risk that remains after you apply controls?
ALE=SLExARO
Risk=Threat X Vulnerability
Total Risk = Threat X Vulnerability X Asset Value
Residual Risk = Total Risk - Controls
8.00000 points
QUESTION 2
A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as
Transfer
Avoidance
Acceptance
Mitigation
8.00000 points
QUESTION 3
Which of the following is not a source that would be used to assess an organization’s vulnerabilities?
System Logs
Audits
Prior events
Actuary tables
8.00000 points
QUESTION 4
Historically, a web server attached to the public Internet has a probability of 0.90 of being successfully attacked in each year. To which of the following quantitative elements would this most likely relate?
EF
ARO
ALE
SLE
8.00000 points
QUESTION 5
A weak password, or a firewall that has been improperly configured, is considered a/an:
vulnerability
risk
exploit
threat
8.00000 points
QUESTION 6
Which of the following is not a U.S. Government risk management initiative or program?
MITRE’s CVE List
ITIL
US-CERT
DHS’ NCCIC
8.00000 points
QUESTION 7
What are valid contents of a risk management plan?
Scope
Recommendations
POA&M
All of the above
Objectives
8.00000 points
QUESTION 8
You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?
Spend $25,000 on cyber insurance to transfer the risk
Spend the $50,000 to mitigate the risk
Accept the risk
Spend whatever it takes to ensure that this data is safe.
8.00000 points
QUESTION 9
The possibility that a negative event will occur is known as a/an:
vulnerability
exploit
threat
risk
8.00000 points
QUESTION 10
Which of the following is an example of an intangible asset?
Sales database
“Good will” or the branding that is associated with a well-liked product
Server software
Server hardware
8.00000 points
QUESTION 11
The area inside the firewall is considered to be the
LAN Domain
User Domain
Workstation Domain
Secured Domain
8.00000 points
QUESTION 12
If a hacker hacks into a hospital and changes a patient’s blood type on his patient healthcare record, which of the following security services was principally violated?
Integrity
Availability
Confidentiality
Authentication
8.00000 points
QUESTION 13
A policy that requires two different individuals to perform different functions. An example is a Certificate Authority that issues digital certificates, where one role can only identity-proof the person requesting the certificate and submit the request, and a different person can actually issue the digital certificate.
Acceptable Use
Job Rotation
Need to Know
Separation of Duties
8.00000 points
QUESTION 14
NIST’s Special Publication 800-30 describes what?
A framework of good practices
Maturity levels associated with CMMI
How to perform a risk assessment
Certification and accreditation practices
8.00000 points
QUESTION 15
This regulation applies to how institutions handle the privacy of your student records at the University.
HIPAA
CIPA
GLBA
FERPA
8.00000 points
QUESTION 16
This Act applies to security and privacy expectations of healthcare organizations.
FERPA
HIPAA
GLBA
FISMA
8.00000 points
QUESTION 17
Which of the following is not considered a method by which we would harden a server against attacks?
Reverse engineer a patch to look for vulnerabilities
Enable a firewall
Change default passwords
Remove unused services
8.00000 points
QUESTION 18
This Act applies to financial organizations.
GLBA
FISMA
Sarbanes-Oxley (SOX)
FERPA
8.00000 points
QUESTION 19
A document used to track the progress of remediating identified risk.
Vulnerability Assessment
Risk Profile
Risk Assessment
POA&M
8.00000 points
QUESTION 20
A method that shows a list of project tasks that must be completed on time so that the project is not delayed.
Gantt Chart
Risk Management Plan
Milestone Plan Chart
Critical Path Chart
8.00000 points
QUESTION 21
Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?
Explanation / Answer
Answer:
1. c. Total Risk = Threat X Vulnerability X Asset Value
2. c. Acceptance
3. d. Actuary tables
4. c. Annual Loss Expectancy
5. a. Vulnerability
6. a. MITRE’s CVE List
7. d. All of the above
8. a. Spend $25,000 on cyber insurance to transfer the risk
9. d. Risk
10. b. “Good will” or the branding that is associated with a well-liked product
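Worked example, added by the editor and not part of the quiz or the posted answer above: the quantitative risk arithmetic behind questions 1, 4 and 8 (ALE = SLE x ARO), carried through to a ranking of the risk-handling options in question 8. The figures $200,000, once in 5 years, $50,000/yr for DLP and $25,000 for insurance come from question 8; the effectiveness of each option (DLP stops every breach, insurance pays the full loss) is an assumption chosen to give each option its best case, so a negative result is a firm "not worth it".

```python
"""ALE arithmetic for questions 1, 4 and 8, and a cost-benefit ranking of
question 8's options. Added example; control effectiveness values are assumptions."""
from dataclasses import dataclass


def aro_from_interval(years_between_events: float) -> float:
    """Annualized Rate of Occurrence for 'once every N years' (question 8).
    A per-year probability such as the 0.90 in question 4 is already an ARO."""
    return 1.0 / years_between_events


def ale(sle: float, aro: float) -> float:
    """Annualized Loss Expectancy = SLE x ARO (question 1, first option)."""
    return sle * aro


@dataclass(frozen=True)
class Option:
    name: str
    annual_cost: float
    residual_sle: float   # loss still borne per incident once the option is in place
    residual_aro: float   # incident rate that remains once the option is in place


def net_annual_benefit(sle: float, aro: float, opt: Option) -> float:
    """(ALE before) - (ALE after) - (annual cost of the option).
    Negative means the option costs more per year than the risk it removes."""
    return ale(sle, aro) - ale(opt.residual_sle, opt.residual_aro) - opt.annual_cost


def rank_options(sle: float, aro: float, options):
    """Return (name, net annual benefit) pairs, best option first."""
    scored = [(o.name, net_annual_benefit(sle, aro, o)) for o in options]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


# Question 8 figures: $200,000 per breach, expected once in 5 years.
SLE = 200_000.0
ARO = aro_from_interval(5)          # 0.2 breaches per year

QUESTION_8_OPTIONS = [
    # Accept: do nothing, change nothing, pay nothing.
    Option("accept", annual_cost=0.0, residual_sle=SLE, residual_aro=ARO),
    # Mitigate with DLP at $50,000/yr. Assumption (best case): it stops every
    # breach, so the residual ARO is 0. Even then the benefit comes out negative.
    Option("mitigate (DLP)", annual_cost=50_000.0, residual_sle=SLE, residual_aro=0.0),
    # Transfer with cyber insurance at $25,000/yr. Assumption: the policy pays
    # the full $200,000, so the company's own residual loss per incident is 0.
    Option("transfer (insurance)", annual_cost=25_000.0, residual_sle=0.0, residual_aro=ARO),
]


def question_8_ranking():
    """Rank question 8's options by net annual benefit."""
    return rank_options(SLE, ARO, QUESTION_8_OPTIONS)


if __name__ == "__main__":
    print(f"ALE = ${ale(SLE, ARO):,.0f} per year")
    for name, benefit in question_8_ranking():
        print(f"{name:22s} net benefit {benefit:+,.0f}/yr")
```

With the question's numbers the ALE is $40,000/yr, so the $50,000/yr DLP cannot pay for itself even if it were perfect, accepting the risk scores zero, and the $25,000 policy is the only option with a positive net benefit. The same function ranks any other set of controls once you can state, for each one, what it costs and what ARO and per-incident loss remain after it.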