Deck 14: Risk Mitigation
1
What may be defined as the components required to identify, analyze, and contain an incident?
A)Vulnerability response
B)Incident response
C)Risk response
D)Threat response
B
2
A written document that states how an organization plans to protect the company's information technology assets is a:
A)security policy
B)guideline
C)security procedure
D)standard
A
3
What kind of policy outlines how an organization uses the personal information it collects?
A)VPN
B)network
C)encryption
D)privacy
D
4
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?
A)Incident reporting
B)Incident management
C)Incident handling
D)Incident planning
5
Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?
A)change management team
B)incident response team
C)security control team
D)compliance team
6
Generally considered to be the most important information security policies, what item below defines the actions a user may perform while accessing systems and networking equipment?
A)Acceptable use policies
B)Encryption policies
C)Data loss policies
D)VPN policies
7
What are values that are attributed to a system of beliefs that help the individual distinguish right from wrong called?
A)Morals
B)Ethics
C)Standards
D)Morays
8
Most organizations follow a three-phase cycle in the development and maintenance of a security policy.
9
What kind of learners learn from taking notes, being at the front of the class, and watching presentations?
A)Kinesthetic
B)Auditory
C)Spatial
D)Visual
10
The objective of incident management is to restore normal operations as quickly as possible with the least possible impact on either the business or the users.
11
What type of learner learns best through hands-on approaches?
A)Visual
B)Auditory
C)Kinesthetic
D)Spatial
12
Audits serve to verify that the security protections enacted by an organization are being followed and that corrective actions can be swiftly implemented before an attacker exploits a vulnerability.
13
A person's fundamental beliefs and principles, which are used to define what is good, and how to distinguish right from wrong, are collectively called a person's:
A)Morals
B)Values
C)Ethics
D)Standards
14
What can be defined as the study of what a group of people understand to be good and right behavior and how people make those judgments?
A)Values
B)Morals
C)Ethics
D)Standards
15
Which term below describes the art of helping an adult learn?
A)andragogical
B)pedagogical
C)deontological
D)metagogical
16
Websites that group individuals and organizations into clusters or groups based on some sort of affiliation are considered to be what type of websites?
A)social networking
B)social engineering
C)social management
D)social control
17
A collection of suggestions that should be implemented are referred to as a:
A)security policy
B)baseline
C)guideline
D)security procedure
18
A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.
19
Policies that include statements regarding how an employee's information technology resources will be addressed are part of a:
A)VPN policy
B)acceptable use policy
C)security-related human resource policy
D)technical policy
20
The first phase of the security policy cycle involves a vulnerability assessment.
21
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?
A)Visual
B)Auditory
C)Kinesthetic
D)Spatial
22
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
The expected monetary loss every time a risk occurs.
23
____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.
24
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
Risk control type that covers the operational procedures to limit risk
25
Most people are taught using a(n) ____________________ approach.
26
A(n) ____________________ is a collection of requirements specific to the system or procedure that must be met by everyone.
27
What is the most common type of P2P network?
A)Kazaa
B)BitTorrent
C)eDonkey
D)Sneakernet
28
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
A security policy that outlines how the organization uses personal information it collects.
29
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
A methodology for making modifications to a system and keeping track of those changes.
30
A(n) ____________________ is a methodical examination and review that produces a detailed report of its findings.
31
Which type of network below uses a direct connection between users, and involves each device simultaneously acting as a client and a server?
A)Peer
B)Client-server
C)P2P
D)Share
32
When designing a security policy, many organizations follow a standard set of ____________________.
33
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
An event that in the beginning is considered to be a risk yet turns out to not be one.
34
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
The "framework" and functions required to enable incident response and incident handling within an organization.
35
What concept below is at the very heart of information security?
A)threat
B)mitigation
C)risk
D)management
36
Select below the option that best describes a policy:
A)A collection of requirements specific to the system or procedure that must be met by everyone
B)A collection of suggestions that should be implemented
C)A list of all items that have a positive economic value
D)A document that outlines specific requirements or rules that must be met
37
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
A policy that defines the actions users may perform while accessing systems and networking equipment
38
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
A risk control type that involves using technology to control risk
39
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
A network that does not have servers, so each device simultaneously functions as both a client and a server to all other devices connected to the network.
40
Matching
a. Acceptable use policy (AUP)
b. Change management
c. False negative
d. False positive
e. Operational risk control type
f. Privacy policy
g. Technical risk control type
h. Peer-to-peer network
i. Single Loss Expectancy (SLE)
j. Incident management
An event that does not appear to be a risk but actually turns out to be one.
41
List two characteristics of a policy.
42
What are the duties of the CMT?
43
Contrast a pedagogical approach with an andragogical approach to subject matter.
44
List four attributes that should be compiled for new equipment in the change management documentation.
45
What is a general security tip for using a social networking site?
46
Identify two opportunities for security education and training.
47
What are the typical classification designations of government documents?
48
Which roles should be represented on the security policy development team?
49
List one reason why social networking sites are popular with attackers.
50
List and describe two of the seven risk categories.