Deck 15: Risk Mitigation

Question
What is the name for a framework and corresponding functions required to enable incident response and incident handling within an organization?

A) incident reporting
B) incident management
C) incident handling
D) incident planning
Answer: B
Question
The classification designation of government documents is typically Top Secret, Secret, Unusual, Confidential, and Unclassified.
Answer: False
Question
Select the option that best describes an asset:

A) any item that is used by all employees
B) any item that is owned by an enterprise
C) any item that has a positive economic value
D) any item that is used by management
Answer: C
Question
Risk avoidance involves identifying the risk and making the decision to engage in the activity.
Question
A subject's privilege over an object should follow the principle of least privilege.
Question
Distributive allocation refers to "eliminating" the risk.
Question
A collection of suggestions that should be implemented is referred to as a:

A) security policy
B) baseline
C) guideline
D) security procedure
Question
Many cloud providers allow customers to perform penetration tests and vulnerability scans without permission and whenever necessary.
Question
A physical control attempts to discourage security violations before they occur.
Question
What term can be described as a function of threats, consequences of those threats, and the resulting vulnerabilities?

A) threat
B) mitigation
C) risk
D) management
Question
A security control is any device or process that is used to reduce risk.
Question
Vendor-specific guides are useful for configuring web servers, operating systems, application servers, and network infrastructure devices.
Question
What can be defined as the planning, coordination, and communications functions that are needed to resolve an incident in an efficient manner?

A) incident reporting
B) incident management
C) incident handling
D) incident planning
Question
What kind of policy defines the actions users may perform while accessing systems and networking equipment?

A) VPN access policy
B) network use policy
C) privacy use policy
D) acceptable use policy
Question
The FIT calculation is another way of reporting MTTF.
Question
A written document that states how an organization plans to protect the company's information technology assets is a:

A) security policy
B) guideline
C) security procedure
D) standard
Question
Due to the potential impact of changes that can affect all users in an organization, and considering that security vulnerabilities can arise from uncoordinated changes, what should an organization create to oversee changes?

A) change management team
B) incident response team
C) security control team
D) compliance team
Question
Assessing risk should include testing of technology assets to identify any vulnerabilities.
Question
Generally considered to be the most important information security policies,what item below defines the actions a user may perform while accessing systems and networking equipment?

A) acceptable use policies
B) encryption policies
C) data loss policies
D) VPN policies
Question
Select the option that best describes a policy:

A) A collection of requirements specific to the system or procedure that must be met by everyone
B) A collection of suggestions that should be implemented
C) A list of all items that have a positive economic value
D) A document that outlines specific requirements or rules that must be met
Question
Which of the following is an agreement that is intended to minimize security risks for data transmitted across a network?

A) MOU
B) SLA
C) BPA
D) ISA
Question
Which of the following is a basic measure of reliability for systems that cannot be repaired?

A) mean time to recovery
B) mean time to failure
C) mean time to operate
D) failure in time
Question
Which threat category impacts the daily business of the organization?

A) operational
B) compliance
C) strategic
D) managerial
Question
What type of learner tends to sit in the middle of the class and learns best through lectures and discussions?

A) visual
B) auditory
C) kinesthetic
D) spatial
Question
What type of control is designed to provide an alternative to normal controls that for some reason cannot be used?

A) preventive control
B) compensating control
C) detective control
D) deterrent control
Question
What type of risk calculation uses an "educated guess" based on observation?

A) quantitative risk calculation
B) environmental risk calculation
C) qualitative risk calculation
D) observational risk calculation
Question
Which of the following refers to the start-up relationship between partners?

A) partner on-boarding
B) partner trust
C) partner beginning
D) starting partner agreement
Question
Which term below describes the art of helping an adult learn?

A) andragogical
B) pedagogical
C) deontological
D) metagogical
Question
What describes an agreement between two or more parties and demonstrates a "convergence of will" between the parties so that they can work together?

A) MOU
B) NDA
C) BPA
D) ISA
Question
What term best describes the ability to continue to function as the size or volume of the enterprise data center expands to meet the growing demands?

A) adaptability
B) automation
C) flexibility
D) scalability
Question
What type of learner learns best through hands-on approaches?

A) visual
B) auditory
C) kinesthetic
D) spatial
Question
Websites that group individuals and organizations into clusters or groups based on some sort are considered to be what type of networks?

A) social media network
B) social engineering network
C) social management network
D) social control network
Question
What is a service contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service?

A) MOU
B) SLA
C) BPA
D) ISA
Question
What control is designed to identify any threat that has reached the system?

A) preventive control
B) compensating control
C) detective control
D) deterrent control
Question
Which of the following is considered to be a common security issue? (Choose all that apply.)

A) management issues
B) certificate issues
C) encrypted credentials
D) authentication issues
Question
What type of threat is a threat related to the natural surroundings of an enterprise?

A) external threat
B) environmental threat
C) internal threat
D) biological threat
Question
Which of the following is a network that moves a product from the supplier to the customer and is comprised of vendors that supply raw material, manufacturers who convert the material into products, warehouses that store products, distribution centers that deliver them to the retailers, and retailers who bring the product to the consumer?

A) supply chain
B) supply chain assessment
C) supply sphere
D) supply network
Question
Select the specific type of interview that is usually conducted when an employee leaves the company.

A) last interview
B) initial interview
C) exit interview
D) post interview
Question
Which threat category affects the long-term goals of the organization?

A) operational
B) compliance
C) strategic
D) managerial
Question
What specific type of mechanism should be utilized by all types of training to provide input from participants on the training's effectiveness so that any needed modifications can be made for future training?

A) participant feedback mechanism
B) survey feedback mechanism
C) training mechanism
D) feedback mechanism
Question
What are the two risk calculation formulas commonly used to calculate expected losses?
Question
Explain the concept of change management.
Question
Why should authorization be obtained for penetration testing and vulnerability testing?
Question
What is a security control?
Question
Contrast the difference between a pedagogical approach versus an andragogical approach to subject matter.
Question
What is a risk register?
Question
List and describe three of the six risk categories.
Question
What is mean time to recovery (MTTR)?
Question
What is privilege management?
Question
Explain how continuous monitoring can benefit an IT enterprise's operations.