Exam 7: Risk Management: Controlling Risk
Application of training and education is a common method of which risk control strategy?
(Multiple Choice)
By multiplying the asset value by the exposure factor, you can calculate which of the following?
(Multiple Choice)
Explain two practical guidelines to follow in risk control strategy selection.
(Essay)
The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?
(Multiple Choice)
When a vulnerability (flaw or weakness) exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being ___________.
(Short Answer)
The calculated value associated with the most likely loss from a single attack.
(Multiple Choice)
The risk control strategy that attempts to shift risk to other assets, other processes, or other organizations is known as the defense risk control strategy.
(True/False)
In a cost-benefit analysis, the expected frequency of an attack, expressed on a per-year basis, is known as the annualized risk of occurrence.
(True/False)
Strategies to limit losses before and during a realized adverse event are covered by which of the following plans in the mitigation control approach?
(Multiple Choice)
The ISO 27005 Standard for InfoSec Risk Management includes a five-stage management methodology; among them are risk treatment and risk communication.
(True/False)
Which of the following describes the financial savings from using the defense risk control strategy to implement a control and eliminate the financial ramifications of an incident?
(Multiple Choice)
The criterion most commonly used when evaluating a strategy to implement InfoSec controls and safeguards is economic feasibility.
(True/False)
Which of the following is NOT an alternative to using CBA to justify risk controls?
(Multiple Choice)
The ____________________ risk control strategy attempts to shift the risk to other assets, processes, or organizations.
(Short Answer)
The NIST risk management approach includes all but which of the following elements?
(Multiple Choice)
Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?
(Multiple Choice)
The defense risk control strategy may be accomplished by outsourcing to other organizations.
(True/False)
The risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards is the protect risk control strategy, also known as the avoidance strategy.
(True/False)
Showing 21 - 40 of 60