Exam 6: Risk Management: Identifying and Assessing Risk
An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?
(Multiple Choice)
What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?
(Multiple Choice)
The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.
(Multiple Choice)
An evaluation of the threats to information assets, including a determination of their potential to endanger the organization is known as exploit assessment.
(True/False)
Classification categories must be ____________________ and mutually exclusive.
(Short Answer)
The recognition, enumeration, and documentation of risks to an organization's information assets.
(Multiple Choice)
As each information asset is identified, categorized, and classified, a ________ value must also be assigned to it.
(Short Answer)
An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures is known as numberless assessment.
(True/False)
An evaluation of the dangers to information assets, including a determination of their potential to endanger the organization.
(Multiple Choice)
What should you be armed with to adequately assess potential weaknesses in each information asset?
(Multiple Choice)
List the stages in the risk identification process in order of occurrence.
(Essay)
The probability that a specific vulnerability within an organization will be the target of an attack is known as risk.
(True/False)
How should the initial inventory be used when classifying and categorizing assets?
(Essay)
The quantity and nature of risk that organizations are willing to accept.
(Multiple Choice)
The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.
(True/False)
Which of the following is an attribute of a network device that is physically tied to the network interface?
(Multiple Choice)
An approach to combining risk identification, risk assessment, and risk appetite into a single strategy.
(Multiple Choice)
Determining the cost of recovery from an attack is one calculation that must be made to identify risk; what is another?
(Multiple Choice)
An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures.
(Multiple Choice)
Showing 41 - 60 of 60