Question 1

The process of identifying risk,assessing its relative magnitude,and taking steps to reduce it to an acceptable level.

Accepted Answer

A)  risk management 
B)  risk analysis 
C)  classification categories 
D)  risk identification 
E)  field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet 
A)  risk management 
B)  risk analysis 
C)  classification categories 
D)  risk identification 
E)  field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet A

Question 2

Classification categories must be mutually exclusive and which of the following?

Accepted Answer

A)  Repeatable 
B)  Unique 
C)  Comprehensive 
D)  Selective 
A)  Repeatable 
B)  Unique 
C)  Comprehensive 
D)  Selective C

Question 3

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

Accepted Answer

A)  Asset tag 
B)  Relative value 
C)  Location ID 
D)  Threat risk 
A)  Asset tag 
B)  Relative value 
C)  Location ID 
D)  Threat risk B

Question 4

For the purposes of relative risk assessment how is risk calculated?

Accepted Answer

Risk equals likelihood of vuln

Question 5

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Accepted Answer

factor ana

Question 6

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

Accepted Answer

A)  Part number 
B)  Serial number 
C)  MAC address 
D)  IP address 
A)  Part number 
B)  Serial number 
C)  MAC address 
D)  IP address

Question 7

Which of the following is an example of a technological obsolescence threat?

Accepted Answer

A)  Hardware equipment failure 
B)  Unauthorized access 
C)  Outdated servers 
D)  Malware 
A)  Hardware equipment failure 
B)  Unauthorized access 
C)  Outdated servers 
D)  Malware

Question 8

Having an established risk management program means that an organization's assets are completely protected.

Accepted Answer

A) True 
 B)False

Question 9

Briefly describe any three standard categories of information asset and their respective risk management components.

Accepted Answer

- The people asset is divided into inter

Question 10

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

Accepted Answer

A) True 
 B)False

Question 11

The identification and assessment of levels of risk in an organization describes which of the following?

Accepted Answer

A)  Risk analysis 
B)  Risk identification 
C)  Risk management 
D)  Risk reduction 
A)  Risk analysis 
B)  Risk identification 
C)  Risk management 
D)  Risk reduction

Question 12

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

Accepted Answer

A)  Determining the likelihood that vulnerable systems will be attacked by specific threats 
B)  Calculating the severity of risks to which assets are exposed in their current setting 
C)  Assigning a value to each information asset 
D)  Documenting and reporting the findings of risk identification and assessment 
A)  Determining the likelihood that vulnerable systems will be attacked by specific threats 
B)  Calculating the severity of risks to which assets are exposed in their current setting 
C)  Assigning a value to each information asset 
D)  Documenting and reporting the findings of risk identification and assessment

Question 13

​The secretarial community often takes on the leadership role in addressing risk.

Accepted Answer

A) True 
 B)False

Question 14

What strategic role do the InfoSec and IT communities play in risk management?  Explain.

Accepted Answer

InfoSec - Because members of the InfoSec

Question 15

What is the final step in the risk identification process?

Accepted Answer

A)  Assessing values for information assets 
B)  Classifying and categorizing assets 
C)  Identifying and inventorying assets 
D)  Listing assets in order of importance 
A)  Assessing values for information assets 
B)  Classifying and categorizing assets 
C)  Identifying and inventorying assets 
D)  Listing assets in order of importance

Question 16

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair.​

Accepted Answer

A) True 
 B)False

Question 17

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Accepted Answer

A)  Liabilities 
B)  Defenses 
C)  Vulnerabilities 
D)  Weaknesses 
A)  Liabilities 
B)  Defenses 
C)  Vulnerabilities 
D)  Weaknesses

Question 18

Data classification schemes should categorize information assets based on which of the following?

Accepted Answer

A)  Value and uniqueness 
B)  Sensitivity and security needs 
C)  Cost and replacement value 
D)  Ease of reproduction and fragility 
A)  Value and uniqueness 
B)  Sensitivity and security needs 
C)  Cost and replacement value 
D)  Ease of reproduction and fragility

Question 19

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Accepted Answer

A)  Name 
B)  MAC address 
C)  Serial number 
D)  Manufacturer's model or part number 
A)  Name 
B)  MAC address 
C)  Serial number 
D)  Manufacturer's model or part number

Question 20

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

Accepted Answer

A)  risk management 
B)  risk analysis 
C)  classification categories 
D)  risk identification 
E)  field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet 
A)  risk management 
B)  risk analysis 
C)  classification categories 
D)  risk identification 
E)  field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet

The process of identifying risk,assessing its relative magnitude,and taking steps to reduce it to an acceptable level.

Classification categories must be mutually exclusive and which of the following?

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

For the purposes of relative risk assessment how is risk calculated?

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

Which of the following is an example of a technological obsolescence threat?

Having an established risk management program means that an organization's assets are completely protected.

Briefly describe any three standard categories of information asset and their respective risk management components.

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

The identification and assessment of levels of risk in an organization describes which of the following?

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

The secretarial community often takes on the leadership role in addressing risk.

What strategic role do the InfoSec and IT communities play in risk management? Explain.

What is the final step in the risk identification process?

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair.

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Data classification schemes should categorize information assets based on which of the following?

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 6: Risk Management: Identifying and Assessing Risk

The process of identifying risk,assessing its relative magnitude,and taking steps to reduce it to an acceptable level.

Classification categories must be mutually exclusive and which of the following?

Once an information asset is identified,categorized,and classified,what must also be assigned to it?

For the purposes of relative risk assessment how is risk calculated?

As part of the risk identification process,listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Which of the following is a network device attribute that may be used in conjunction with DHCP,making asset-identification using this attribute difficult?

Which of the following is an example of a technological obsolescence threat?

Having an established risk management program means that an organization's assets are completely protected.

Briefly describe any three standard categories of information asset and their respective risk management components.

MAC addresses are considered a reliable identifier for devices with network interfaces,since they are essentially foolproof.

The identification and assessment of levels of risk in an organization describes which of the following?

Two of the activities involved in risk management include identifying risks and assessing risks.Which of the following activities is part of the risk identification process?

​The secretarial community often takes on the leadership role in addressing risk.

What strategic role do the InfoSec and IT communities play in risk management? Explain.

What is the final step in the risk identification process?

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair.​

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Data classification schemes should categorize information assets based on which of the following?

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Occurs when a manufacturer performs an upgrade to a hardware component at the customer's premises.

Introduction to the Management of Information Security

Compliance: Law and Ethics

Governance and Strategic Planning for Security

Information Security Policy

Developing the Security Program

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

The secretarial community often takes on the leadership role in addressing risk.

Some threats can manifest in multiple ways,yielding multiple exploits for an asset-threat pair.