Question 1

Which of the following describes the process of asset identification during a risk assessment?

Accepted Answer

A) Collecting data on the value of bank accounts and other financial notes controlled by the organization 
B) Identifying and classifying the assets,systems,and processes that need protection because they are vulnerable to threats 
C) Collecting data on the property plant and equipment to be prepared to file an insurance claim 
D) Hiring an outside auditing firm to assess the total net worth of the company 
A) Collecting data on the value of bank accounts and other financial notes controlled by the organization 
B) Identifying and classifying the assets,systems,and processes that need protection because they are vulnerable to threats 
C) Collecting data on the property plant and equipment to be prepared to file an insurance claim 
D) Hiring an outside auditing firm to assess the total net worth of the company B

Question 2

_______________ are histograms that rank the categories in a chart from most frequent to least frequent,thus facilitating risk prioritization.

Accepted Answer

Gantt charts

Question 3

It is recognized throughout the industry that the best type of risk assessment to conduct is a purely quantitative one.

Accepted Answer

A) True 
 B)False  False

Question 4

Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?

Accepted Answer

A) SLE 
B) ALE 
C) SRO 
D) ARO 
A) SLE 
B) ALE 
C) SRO 
D) ARO

Question 5

Which of the following is the formula for single loss expectancy (SLE)?

Accepted Answer

A) The exposure factor added to the asset 
B) The asset multiplied by the exposure factor 
C) The asset divided by the annual rate of expectancy 
D) The asset multiplied by the exposure factor and divided by the annual rate of expectancy 
A) The exposure factor added to the asset 
B) The asset multiplied by the exposure factor 
C) The asset divided by the annual rate of expectancy 
D) The asset multiplied by the exposure factor and divided by the annual rate of expectancy

Question 6

A risk management plan is a comprehensive document that explains how risks will be identified on a given project.

Accepted Answer

A) True 
 B)False

Question 7

Cause and effect analysis is the process of identifying relationships between a risk and the organization's needs.

Accepted Answer

A) True 
 B)False

Question 8

How can the purpose of risk management best be described?

Accepted Answer

A) A method to improve the performance of the organizations stock portfolio 
B) To take cost effective measures to reduce potential risk to the organization to an acceptable level 
C) A method to inform management of the types of assets the company controls 
D) A means of getting cheaper insurance for the organization 
A) A method to improve the performance of the organizations stock portfolio 
B) To take cost effective measures to reduce potential risk to the organization to an acceptable level 
C) A method to inform management of the types of assets the company controls 
D) A means of getting cheaper insurance for the organization

Question 9

An organization can reduce its risks to zero through careful planning and implementation.

Accepted Answer

A) True 
 B)False

Question 10

What are the steps for the software engineering institute model for risk management?

Accepted Answer

A) Identify,analyze,plan,track,and control 
B) Analyze,track,identify,plan,and control 
C) Identify assets,threats,vulnerabilities,and exposure factor 
D) Cost benefit analysis,control,and review 
A) Identify,analyze,plan,track,and control 
B) Analyze,track,identify,plan,and control 
C) Identify assets,threats,vulnerabilities,and exposure factor 
D) Cost benefit analysis,control,and review

Question 11

_______________ is the overall decision-making process of identifying threats and vulnerabilities and their potential impacts,determining the costs to mitigate such events,and deciding what actions are cost effective for controlling these risks.

Accepted Answer

The answer of _______________ is the overall decision-making process of...

Question 12

Using the general risk management model,direct loss of money,interruption of business activity,and breach of confidence,fall under which step?

Accepted Answer

A) Asset identification 
B) Threat assessment 
C) Impact determination and quantification 
D) Residual risk management 
A) Asset identification 
B) Threat assessment 
C) Impact determination and quantification 
D) Residual risk management

Question 13

Which management tool is used for diagramming the interdependencies between project activities,showing the sequence and duration of each activity?

Accepted Answer

A) Pareto charts 
B) Gantt charts 
C) Interrelationship digraphs 
D) PERT charts 
A) Pareto charts 
B) Gantt charts 
C) Interrelationship digraphs 
D) PERT charts

Question 14

Performing a cost/benefit analysis to determine the effectiveness of a countermeasure is not a useful way to evaluate a countermeasure,because risk needs to be reduced at any cost.

Accepted Answer

A) True 
 B)False

Question 15

_______________ is a measure of the magnitude of loss of an asset,and is used in the calculation of a single loss expectancy.

Accepted Answer

The answer of _______________ is a measure of the magnitude...

Question 16

A(n)_______________ is any characteristic of an asset that can be exploited by a threat to cause harm.

Accepted Answer

The answer of A(n)_______________ is any characteristic of an asset...

Question 17

A(n)_______________ is a measure taken to detect,prevent,or mitigate the risk associated with a threat.

Accepted Answer

The answer of A(n)_______________ is a measure taken to detect,prevent,or...

Question 18

A risk that remains after implementing controls is termed a(n)_______________.

Accepted Answer

The answer of A risk that remains after implementing controls...

Question 19

Which management tool is used for identifying relationships between a risk and the factors that can cause it?

Accepted Answer

A) Affinity grouping 
B) Cause and effect analysis 
C) Interrelationship digraphs 
D) Risk management plan 
A) Affinity grouping 
B) Cause and effect analysis 
C) Interrelationship digraphs 
D) Risk management plan

Question 20

Residual risk is covered by insurance companies.

Accepted Answer

A) True 
 B)False

Exam 20: Risk Management

Which of the following describes the process of asset identification during a risk assessment?

_______________ are histograms that rank the categories in a chart from most frequent to least frequent,thus facilitating risk prioritization.

It is recognized throughout the industry that the best type of risk assessment to conduct is a purely quantitative one.

Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?

Which of the following is the formula for single loss expectancy (SLE)?

A risk management plan is a comprehensive document that explains how risks will be identified on a given project.

Cause and effect analysis is the process of identifying relationships between a risk and the organization's needs.

How can the purpose of risk management best be described?

An organization can reduce its risks to zero through careful planning and implementation.

What are the steps for the software engineering institute model for risk management?

_______________ is the overall decision-making process of identifying threats and vulnerabilities and their potential impacts,determining the costs to mitigate such events,and deciding what actions are cost effective for controlling these risks.

Using the general risk management model,direct loss of money,interruption of business activity,and breach of confidence,fall under which step?

Which management tool is used for diagramming the interdependencies between project activities,showing the sequence and duration of each activity?

Performing a cost/benefit analysis to determine the effectiveness of a countermeasure is not a useful way to evaluate a countermeasure,because risk needs to be reduced at any cost.

_______________ is a measure of the magnitude of loss of an asset,and is used in the calculation of a single loss expectancy.

A(n)_______________ is any characteristic of an asset that can be exploited by a threat to cause harm.

A(n)_______________ is a measure taken to detect,prevent,or mitigate the risk associated with a threat.

A risk that remains after implementing controls is termed a(n)_______________.

Which management tool is used for identifying relationships between a risk and the factors that can cause it?

Residual risk is covered by insurance companies.

Introduction and Security Trends

General Security Concepts

Operational-Organizational Security

The Role of People in Security

Cryptography

Public Key Infrastructure

Standards and Protocols

Physical Security

Network Fundamentals

Infrastructure Security

Authentication and Remote Access

Wireless

Intrusion Detection Systems and Network Security

Baselines

Types of Attacks and Malicious Software

E-Mail and Instant Messaging

Web Components

Secure Software Development

Disaster Recovery, Business Continuity, and Organizational Policies

Change Management

Privilege Management

Computer Forensics

Legal Issues and Ethics

Privacy

Filters