Exam 7: Risk Management: Controlling Risk
The goal of InfoSec is not to bring residual risk to zero; rather, it is to bring residual risk in line with an organization's risk ___________.
(Short Answer)
In which technique does a group rate or rank a set of information, compile the results, and repeat until everyone is satisfied with the result?
(Multiple Choice)
The NIST risk management approach includes all but which of the following elements?
(Multiple Choice)
The financial savings from using the defense risk control strategy to implement a control and eliminate the financial ramifications of an incident.
(Multiple Choice)
A risk control strategy that attempts to reduce the impact of the loss caused by a realized incident, disaster, or attack through effective contingency planning and preparation.
(Multiple Choice)
Which of the following is not a step in the FAIR risk management framework?
(Multiple Choice)
Strategies to limit losses before and during a realized adverse event are covered by which of the following plans in the mitigation control approach?
(Multiple Choice)
The risk control strategy that indicates the organization is willing to accept the current level of risk. As a result, the organization makes a conscious decision to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation is known as the termination risk control strategy.
(True/False)
What does the result of a CBA determine? What is the formula for the CBA?
(Essay)
The risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards is the protect risk control strategy, also known as the avoidance strategy. ____________
(True/False)
Which of the following is NOT an alternative to using CBA to justify risk controls?
(Multiple Choice)
When a vulnerability (flaw or weakness) exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being ___________.
(Short Answer)
Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?
(Multiple Choice)
A risk control strategy that indicates the organization is willing to accept the current level of risk and that the organization makes a conscious decision to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation.
(Multiple Choice)
The ____________________ risk control strategy attempts to shift the risk to other assets, processes, or organizations.
(Short Answer)
Application of training and education is a common method of which risk control strategy?
(Multiple Choice)
Describe the use of hybrid assessment to create a quantitative assessment of asset value.
(Essay)