Multiple Choice
Which of the following is NOT a valid rule of thumb on risk control strategy selection?
A) When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exercised.
B) When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
C) When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or negate the attacker's gain, by using technical or operational controls.
D) When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.
Correct Answer:
