Question 1

The quantity and nature of risk that organizations are willing to accept.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 2

What strategic role do the InfoSec and IT communities play in risk management?Explain.

Accepted Answer

InfoSec - Because members of the InfoSec

Question 3

The InfoSec community often takes on the leadership role in addressing risk.

Accepted Answer

A) True 
 B)False

Question 4

Determining the cost of recovery from an attack is one calculation that must be made to identify risk,what is another?

Accepted Answer

A)  Cost of prevention 
B)  Cost of litigation 
C)  Cost of detection 
D)  Cost of identification 
A)  Cost of prevention 
B)  Cost of litigation 
C)  Cost of detection 
D)  Cost of identification

Question 5

An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 6

Data classification schemes should categorize information assets based on which of the following?

Accepted Answer

A)  Value and uniqueness 
B)  Sensitivity and security needs 
C)  Cost and replacement value 
D)  Ease of reproduction and fragility 
A)  Value and uniqueness 
B)  Sensitivity and security needs 
C)  Cost and replacement value 
D)  Ease of reproduction and fragility

Question 7

Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?

Accepted Answer

A)  Uncertainty percentage 
B)  Asset impact 
C)  Risk-rating factor 
D)  Vulnerability likelihood 
A)  Uncertainty percentage 
B)  Asset impact 
C)  Risk-rating factor 
D)  Vulnerability likelihood

Question 8

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 9

An asset valuation approach that uses categorical or nonnumericvalues rather than absolute numerical measures is known as numberless assessment.____________

Accepted Answer

A) True 
 B)False

Question 10

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk assessment process?

Accepted Answer

A)  Creating an inventory of information assets 
B)  Classifying and organizing information assets into meaningful groups 
C)  Assigning a value to each information asset 
D)  Calculating the severity of risks to which assets are exposed in their current setting 
A)  Creating an inventory of information assets 
B)  Classifying and organizing information assets into meaningful groups 
C)  Assigning a value to each information asset 
D)  Calculating the severity of risks to which assets are exposed in their current setting

Question 11

The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.

Accepted Answer

A) True 
 B)False

Question 12

Briefly describe any three standard categories of information asset and their respective risk management components.

Accepted Answer

- The people asset is divided into inter

Question 13

Some threats can manifest in multiple ways,yielding multiple vulnerabilities for an asset-threat pair.

Accepted Answer

A) True 
 B)False

Question 14

What does it mean to 'know the enemy' with respect to risk management?

Accepted Answer

Once an organization becomes aware of it

Question 15

Describe the use of an IP address when deciding which attributes to track for each information asset.

Accepted Answer

This attribute is useful for network dev

Question 16

Which of the following is an attribute of a network device is physically tied to the network interface?

Accepted Answer

A)  Serial number 
B)  MAC address 
C)  IP address 
D)  Model number 
A)  Serial number 
B)  MAC address 
C)  IP address 
D)  Model number

Question 17

The process of identifying risk,assessing its relative magnitude,and takingsteps to reduce it to an acceptable level.

Accepted Answer

A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet 
A) risk management 
B) risk analysis 
C) classification categories 
D) risk identification 
E) field change order
F)threat assessment
G)risk appetite
H)qualitative assessment
I)residual risk
J)ranked vulnerability risk worksheet

Question 18

A prioritized lists ofassets and threats can be combined with exploit information into a specialized report known as a TVA worksheet​.____________

Accepted Answer

A) True 
 B)False

Question 19

Each manager in the organization should focus on reducing risk.This is often done within the context of one of the three communities of interest,which includes all but which of the following?

Accepted Answer

A)  General management must structure the IT and InfoSec functions 
B)  IT management must serve the IT needs of the broader organization 
C)  Legal management must develop corporate-wide standards 
D)  InfoSec management must lead the way with skill, professionalism, and flexibility 
A)  General management must structure the IT and InfoSec functions 
B)  IT management must serve the IT needs of the broader organization 
C)  Legal management must develop corporate-wide standards 
D)  InfoSec management must lead the way with skill, professionalism, and flexibility

Question 20

What is the final step in the risk identification process?

Accepted Answer

A)  Assessing values for information assets 
B)  Classifying and categorizing assets 
C)  Identifying and inventorying assets 
D)  Listing assets in order of importance 
A)  Assessing values for information assets 
B)  Classifying and categorizing assets 
C)  Identifying and inventorying assets 
D)  Listing assets in order of importance

The quantity and nature of risk that organizations are willing to accept.

What strategic role do the InfoSec and IT communities play in risk management?Explain.

The InfoSec community often takes on the leadership role in addressing risk.

Determining the cost of recovery from an attack is one calculation that must be made to identify risk,what is another?

An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures.

Data classification schemes should categorize information assets based on which of the following?

Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

An asset valuation approach that uses categorical or nonnumericvalues rather than absolute numerical measures is known as numberless assessment.____________

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk assessment process?

The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.

Briefly describe any three standard categories of information asset and their respective risk management components.

Some threats can manifest in multiple ways,yielding multiple vulnerabilities for an asset-threat pair.

What does it mean to 'know the enemy' with respect to risk management?

Describe the use of an IP address when deciding which attributes to track for each information asset.

Which of the following is an attribute of a network device is physically tied to the network interface?

The process of identifying risk,assessing its relative magnitude,and takingsteps to reduce it to an acceptable level.

A prioritized lists ofassets and threats can be combined with exploit information into a specialized report known as a TVA worksheet.____________

Each manager in the organization should focus on reducing risk.This is often done within the context of one of the three communities of interest,which includes all but which of the following?

What is the final step in the risk identification process?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 6: Risk Management: Identifying and Assessing Risk

The quantity and nature of risk that organizations are willing to accept.

What strategic role do the InfoSec and IT communities play in risk management?Explain.

The InfoSec community often takes on the leadership role in addressing risk.

Determining the cost of recovery from an attack is one calculation that must be made to identify risk,what is another?

An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures.

Data classification schemes should categorize information assets based on which of the following?

Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

An asset valuation approach that uses categorical or nonnumericvalues rather than absolute numerical measures is known as numberless assessment.____________

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk assessment process?

The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.

Briefly describe any three standard categories of information asset and their respective risk management components.

Some threats can manifest in multiple ways,yielding multiple vulnerabilities for an asset-threat pair.

What does it mean to 'know the enemy' with respect to risk management?

Describe the use of an IP address when deciding which attributes to track for each information asset.

Which of the following is an attribute of a network device is physically tied to the network interface?

The process of identifying risk,assessing its relative magnitude,and takingsteps to reduce it to an acceptable level.

A prioritized lists ofassets and threats can be combined with exploit information into a specialized report known as a TVA worksheet​.____________

Each manager in the organization should focus on reducing risk.This is often done within the context of one of the three communities of interest,which includes all but which of the following?

What is the final step in the risk identification process?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

A prioritized lists ofassets and threats can be combined with exploit information into a specialized report known as a TVA worksheet.____________