Deck 20: Risk Management
1
How can the purpose of risk management best be described?
A) A method to improve the performance of the organization's stock portfolio
B) To take cost-effective measures to reduce potential risk to the organization to an acceptable level
C) A method to inform management of the types of assets the company controls
D) A means of getting cheaper insurance for the organization
Answer: B
2
Using the general risk management model, natural disasters, terrorism, fraud, and equipment failure fall under which step?
A) Asset identification
B) Threat assessment
C) Impact determination and quantification
D) Residual risk management
Answer: B
3
Which of the following is the value for the expected loss of a single asset?
A) SLE
B) ALE
C) SRO
D) ARO
Answer: A
4
Which of the following is the value for the number of times an event is expected to occur in a year?
A) SLE
B) ALE
C) SRO
D) ARO
5
Which management tool is used for diagramming the interdependencies between project activities, showing the sequence and duration of each activity?
A) Pareto charts
B) Gantt charts
C) Interrelationship digraphs
D) PERT charts
6
How can risk best be described?
A) The possibility of suffering harm or loss
B) The chance that the organization will go bankrupt
C) Something that is dependent on the types of insurance the company buys
D) Something that is dependent on the overall asset value of the company
7
Using the general risk management model, direct loss of money, interruption of business activity, and breach of confidence fall under which step?
A) Asset identification
B) Threat assessment
C) Impact determination and quantification
D) Residual risk management
8
Calculate the SLE based on the following information:
The asset value is 4 million dollars.
The exposure factor is about 25 percent.
What is the SLE?
A) 3 million dollars
B) 4.25 million dollars
C) 5 million dollars
D) 1 million dollars
9
Contract management, fraud, regulatory risk management, and business continuity management are examples of
A) Business risks
B) Technology risks
C) Market risks
D) Operational risks
10
Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?
A) SLE
B) ALE
C) SRO
D) ARO
11
Which management tool is used for identifying relationships between a risk and the factors that can cause it?
A) Affinity grouping
B) Cause and effect analysis
C) Interrelationship digraphs
D) Risk management plan
12
What are the steps for the Software Engineering Institute model for risk management?
A) Identify, analyze, plan, track, and control
B) Analyze, track, identify, plan, and control
C) Identify assets, threats, vulnerabilities, and exposure factor
D) Cost benefit analysis, control, and review
13
Which of the following describes the process of threat assessment during a risk assessment?
A) Identifying the possible threats and vulnerabilities associated with each asset, and the likelihood of their occurrence
B) Categorizing and cataloging any threats made against the organization in the last 10 years
C) Establishing a human resource procedure to notify the police if anyone threatens an employee
D) Assessing the total net worth of the company, and then selecting an insurance company to insure the company against all threats
14
Risk management is most often
A) Purely qualitative
B) Purely quantitative
C) Both qualitative and quantitative
D) Purely objective
15
Which of the following is the formula for single loss expectancy (SLE)?
A) The exposure factor added to the asset
B) The asset multiplied by the exposure factor
C) The asset divided by the annual rate of expectancy
D) The asset multiplied by the exposure factor and divided by the annual rate of expectancy
16
Which management tool is used for diagramming schedules, events, and activity duration?
A) Pareto charts
B) Gantt charts
C) Interrelationship digraphs
D) PERT charts
17
Which of the following describes the process of asset identification during a risk assessment?
A) Collecting data on the value of bank accounts and other financial notes controlled by the organization
B) Identifying and classifying the assets, systems, and processes that need protection because they are vulnerable to threats
C) Collecting data on the property, plant, and equipment to be prepared to file an insurance claim
D) Hiring an outside auditing firm to assess the total net worth of the company
18
Calculate the ALE based on the following information:
The SLE is 4 million dollars.
The ARO is 5%.
What is the ALE?
A) 4.5 million dollars
B) 2 million dollars
C) 200,000 dollars
D) 4,200,000 dollars
19
What is the formula for annual rate of expectancy?
A) The asset multiplied by the exposure factor
B) The exposure factor added to the asset
C) The single loss expectancy multiplied by the annual rate of occurrence
D) The asset divided by the annual rate of expectancy
20
Information systems testing, change management, and reliability and performance management are examples of which of the following?
A) Business risks
B) Technology risks
C) Market risks
D) Operational risks
21
A(n) _______________ is a measure taken to detect, prevent, or mitigate the risk associated with a threat.
22
ALE = SLE * ARO
23
_______________ is a measure of the magnitude of loss of an asset, and is used in the calculation of a single loss expectancy.
24
A(n) _______________ is any resource or information an organization needs to conduct its business.
25
A risk that remains after implementing controls is termed a(n) _______________.
26
A qualitative risk assessment relies on judgment and experience; quantitative risk assessment applies historical information and trends to attempt to predict future performance.
27
_______________ are histograms that rank the categories in a chart from most frequent to least frequent, thus facilitating risk prioritization.
28
Once an organization implements a security plan, they can expect to remain secure for an extended period of time.
29
Performing a cost/benefit analysis to determine the effectiveness of a countermeasure is not a useful way to evaluate a countermeasure, because risk needs to be reduced at any cost.
30
The term _______________ refers to taking action to reduce the likelihood of a threat occurring.
31
Cause and effect analysis is the process of identifying relationships between a risk and the organization's needs.
32
A risk management plan is a comprehensive document that explains how risks will be identified on a given project.
33
Residual risk is covered by insurance companies.
34
An organization can reduce its risks to zero through careful planning and implementation.
35
A(n) _______________ is any characteristic of an asset that can be exploited by a threat to cause harm.
36
_______________ is the overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what actions are cost effective for controlling these risks.
37
The formulas used to justify the single loss expectancy (SLE) are extremely accurate.
38
It is recognized throughout the industry that the best type of risk assessment to conduct is a purely quantitative one.
39
_______________ refers to the loss that results when a threat exploits a vulnerability.
40
A straightforward method for comparing cost estimates with the benefits of a mitigation strategy is called a(n) _______________.
41
What are the differences between a qualitative and a quantitative risk assessment?
42
Describe the use of risk management tools and principles to manage risk effectively.