Question details

You can completely eliminate risk in an IT environment.

Patrick Prince

Managing Risk in Information Systems

Chapter 1 Assessment

1. Which one of the following properly defines risk?

A. Threat x Mitigation

B. Vulnerability x Controls

C. Controls x Residual Risk

D. Threat x Vulnerability

2. Which one of the following properly defines total risk?

A. Threat x Mitigation

B. Threat x Vulnerability x Asset Value

C. Vulnerability x Controls

D. Vulnerability x Controls

3. You can completely eliminate risk in an IT environment.

A. True

B. False

4. Which of the following are accurate pairings of threat categories?

(Select two.)

A. External and internal

B. Natural and supernatural

C. Intentional and accidental

D. Computer and user

5. A loss of client confidence or public trust is an example of a loss of ________.

6. A ________ is used to reduce a vulnerability.

7. As long as a company is profitable, it does not need to consider survivability.

A. True

B. False

8. What is the primary goal of an information security program?

A. Eliminate losses related to employee actions

B. Eliminate losses related to risk

C. Reduce losses related to residual risk

D. Reduce losses related to loss of confidentiality,

9. The ________ is an industry-recognized standard list of common vulnerabilities.

10. Which of the following is a goal of risk management?

A. Identify the correct cost balance between risk and controls

B. Eliminate risk by implementing controls

C. Eliminate the loss associated with risk

D. Calculate value associated with residual risk

11. If the benefits outweigh the cost, a control is implemented. Costs and benefits are identified by completing a ________.

12. A company decides to reduce losses of a threat by purchasing insurance. This is known as risk ________.

13. What can you do to manage risk? (Select three.)

A. Accept

B. Transfer

C. Avoid

D. Migrate

14. You have applied controls to minimize risk in the environment. What is the remaining risk called?

A. Remaining risk

B. Mitigated risk

C. Managed risk

D. Residual risk

15. Who is ultimately responsible for losses resulting from residual risk?

A. End users

B. Technical staff

C. Senior management

D. Security personnel

CHAPTER 2 | Managing Risk: Threats, Vulnerabilities, and Exploits
