Question 1

Why is threat identification so important in the process of risk management?

Accepted Answer

Any organization typically faces a wide variety of threats.If you assume that every threat can and will attack every information asset,then the project scope becomes too complex.To make the process less unwieldy,each step in the threat identification and vulnerability identification processes is managed separately and then coordinated at the end.At every step,the manager is called on to exercise good judgment and draw on experience to make the process function smoothly.

Question 2

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

Accepted Answer

A)  Risk determination 
B)  Assessing potential loss 
C)  Likelihood and consequences 
D)  Uncertainty 
A)  Risk determination 
B)  Assessing potential loss 
C)  Likelihood and consequences 
D)  Uncertainty D

Question 3

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

Accepted Answer

A) True 
 B)False  False

Question 4

Classification categories must be ____________________ and mutually exclusive.

Accepted Answer

The answer of Classification categories must be ____________________ and mutually...

Question 5

Discuss the trends in frequency of attacks and how that plays into a risk management strategy.

Accepted Answer

The number of detected attacks is steadi

Question 6

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

Accepted Answer

A)  Determining the likelihood that vulnerable systems will be attacked by specific threats 
B)  Calculating the severity of risks to which assets are exposed in their current setting 
C)  Assigning a value to each information asset 
D)  Documenting and reporting the findings of risk identification and assessment 
A)  Determining the likelihood that vulnerable systems will be attacked by specific threats 
B)  Calculating the severity of risks to which assets are exposed in their current setting 
C)  Assigning a value to each information asset 
D)  Documenting and reporting the findings of risk identification and assessment

Question 7

The recognition,enumeration,and documentation of risks to anorganization's information assets.is known as risk control.____________ ​

Accepted Answer

A) True 
 B)False

Question 8

The probability that a specific vulnerability within an organization will be the targetof an attack is known as risk.____________

Accepted Answer

A) True 
 B)False

Question 9

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Accepted Answer

factor ana

Question 10

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

Accepted Answer

A)  Asset tag 
B)  Relative value 
C)  Location ID 
D)  Threat risk 
A)  Asset tag 
B)  Relative value 
C)  Location ID 
D)  Threat risk

Question 11

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

Accepted Answer

likelihood

Question 12

Which of the following attributes does NOT apply to software information assets?

Accepted Answer

A)  Serial number 
B)  Controlling entity 
C)  Manufacturer name 
D)  Product dimensions 
A)  Serial number 
B)  Controlling entity 
C)  Manufacturer name 
D)  Product dimensions

Question 13

An approach to combining risk identification,risk assessment,and risk appetite into a single strategy.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 14

The information technology management community of interest often takes on the leadership role in addressing risk. ____________

Accepted Answer

A) True 
 B)False

Question 15

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Accepted Answer

A)  Name 
B)  MAC address 
C)  Serial number 
D)  Manufacturer's model or part number 
A)  Name 
B)  MAC address 
C)  Serial number 
D)  Manufacturer's model or part number

Question 16

Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.

Accepted Answer

The answer of Risk ____________ is the process of discovering...

Question 17

What are the included tasks in the identification of risks?

Accepted Answer

Creating an inventory of information ass

Question 18

The identification and assessment of levels of risk in an organization describes which of the following?

Accepted Answer

A)  Risk analysis 
B)  Risk identification 
C)  Risk management 
D)  Risk reduction 
A)  Risk analysis 
B)  Risk identification 
C)  Risk management 
D)  Risk reduction

Question 19

An evaluation of the dangers to information assets,including adetermination of their potential to endanger the organization.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 20

How should the initial inventory be used when classifying and categorizing assets?

Accepted Answer

The inventory should reflect the sensiti

Why is threat identification so important in the process of risk management?

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

Classification categories must be ____________________ and mutually exclusive.

Discuss the trends in frequency of attacks and how that plays into a risk management strategy.

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

The recognition,enumeration,and documentation of risks to anorganization's information assets.is known as risk control.____________

The probability that a specific vulnerability within an organization will be the targetof an attack is known as risk.____________

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

Which of the following attributes does NOT apply to software information assets?

An approach to combining risk identification,risk assessment,and risk appetite into a single strategy.

The information technology management community of interest often takes on the leadership role in addressing risk. ____________

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.

What are the included tasks in the identification of risks?

The identification and assessment of levels of risk in an organization describes which of the following?

An evaluation of the dangers to information assets,including adetermination of their potential to endanger the organization.

How should the initial inventory be used when classifying and categorizing assets?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 6: Risk Management: Identifying and Assessing Risk

Why is threat identification so important in the process of risk management?

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

Classification categories must be ____________________ and mutually exclusive.

Discuss the trends in frequency of attacks and how that plays into a risk management strategy.

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

The recognition,enumeration,and documentation of risks to anorganization's information assets.is known as risk control.____________ ​

The probability that a specific vulnerability within an organization will be the targetof an attack is known as risk.____________

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

Which of the following attributes does NOT apply to software information assets?

An approach to combining risk identification,risk assessment,and risk appetite into a single strategy.

The information technology management community of interest often takes on the leadership role in addressing risk. ____________

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.

What are the included tasks in the identification of risks?

The identification and assessment of levels of risk in an organization describes which of the following?

An evaluation of the dangers to information assets,including adetermination of their potential to endanger the organization.

How should the initial inventory be used when classifying and categorizing assets?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

The recognition,enumeration,and documentation of risks to anorganization's information assets.is known as risk control.____________