Deck 14: Risk Mitigation

1
A policy that addresses security as it relates to human resources is known as a(n) ____ policy.

A) VPN
B) acceptable use
C) security-related human resource
D) technical
C
2
____ are generally considered to be the most important information security policies.

A) Acceptable use policies
B) Encryption policies
C) Data loss policies
D) VPN policies
A
3
At the heart of information security is the concept of ____.

A) threat
B) mitigation
C) risk
D) management
C
4
____ are a person's fundamental beliefs and principles used to define what is good, right, and just.

A) Morals
B) Values
C) Ethics
D) Standards
5
Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
6
____ can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments.

A) Values
B) Morals
C) Ethics
D) Standards
7
The objective of incident response is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.
8
____ is the planning, coordination, communications, and planning functions that are needed in order to resolve an incident in an efficient manner.

A) Incident reporting
B) Incident management
C) Incident planning
D) Incident handling
9
A(n) ____ policy is designed to produce a standardized framework for classifying information assets.

A) VPN
B) acceptable use
C) privacy
D) classification of information
10
Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.
11
____ may be defined as the components required to identify, analyze, and contain that incident.

A) Vulnerability response
B) Incident response
C) Risk response
D) Threat response
12
Education in an enterprise is limited to the average employee.
13
____ can be defined as the "framework" and functions required to enable incident response and incident handling within an organization.

A) Incident reporting
B) Incident management
C) Incident handling
D) Incident planning
14
Because the impact of changes can potentially affect all users, and uncoordinated changes can result in security vulnerabilities, many organizations create a(n) ____ to oversee the changes.

A) change management team
B) incident response team
C) security control team
D) compliance team
15
A ____ is a written document that states how an organization plans to protect the company's information technology assets.

A) security policy
B) guideline
C) security procedure
D) standard
16
____ are values that are attributed to a system of beliefs that help the individual distinguish right from wrong.

A) Morals
B) Ethics
C) Standards
D) Morays
17
A ____ is a collection of suggestions that should be implemented.

A) security policy
B) baseline
C) guideline
D) security procedure
18
A(n) ____ policy outlines how the organization uses personal information it collects.

A) VPN
B) network
C) encryption
D) privacy
19
A ____ is a document that outlines specific requirements or rules that must be met.

A) procedure
B) standard
C) guideline
D) policy
20
A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.
21
What are the duties of the CMT?
22
The Web sites that facilitate linking individuals with common interests like hobbies, religion, politics, or school contacts are called ____ sites.

A) social networking
B) social engineering
C) social management
D) social control
23
Which roles should be represented on the security policy development team?
24
What are the typical classification designations of government documents?
25
____ learners learn through a lab environment or other hands-on approaches.

A) Visual
B) Auditory
C) Kinesthetic
D) Spatial
26
____ learners tend to sit in the middle of the class and learn best through lectures and discussions.

A) Visual
B) Auditory
C) Kinesthetic
D) Spatial
27
What is a general security tip for using a social networking site?
28
List two characteristics of a policy.
29
A(n) ____ approach is the art of helping an adult learn.

A) andragogical
B) pedagogical
C) deontological
D) metagogical
30
When designing a security policy, many organizations follow a standard set of ____________________.
31
____ networks are typically used for connecting devices on an ad hoc basis for file sharing of audio, video, and data, or real-time data transmission such as telephony traffic.

A) Peer
B) Client-server
C) P2P
D) Share
32
List one reason why social networking sites are popular with attackers.
33
List and describe two risk categories.
34
A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.
35
____ learners learn through taking notes, being at the front of the class, and watching presentations.

A) Kinesthetic
B) Auditory
C) Spatial
D) Visual
36
____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.
37
A(n) ____________________ is a collection of requirements specific to the system or procedure that must be met by everyone.
38
List four attributes that should be compiled for new equipment in the change management documentation.
39
Most people are taught using a(n) ____________________ approach.
40
Identify two opportunities for security education and training.
41
Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.
42
Match between columns

Definitions:
Periodic reviewing of a subject's privileges over an object
Refers to a methodology for making modifications and keeping track of those changes
Grouping individuals and organizations into clusters or groups based on some sort of affiliation
A subject's access level over an object, such as a user's ability to open a payroll file
The likelihood that the threat agent will exploit the vulnerability
A person or element that has the power to carry out a threat
A flaw or weakness that allows a threat agent to bypass security
A type of action that has the potential to cause harm

Terms:
Privilege management
Threat
Threat agent
Vulnerability
Risk
Privilege
Privilege auditing
Change management
Social networking