Ch1 Quiz

Question 1

When a company chooses to ignore a risk and proceed with a risky activity, which treatment is being applied by default?

A. Mitigation
B. Avoidance
C. Acceptance
D. Transference

Answer 1

C. Acceptance

Question 2

This can protect information in a file cabinet from being viewed by unauthorized persons (confidentiality) as well as keeping any documents from being modified (integrity).

Answer 2

Door Lock

Question 3

This one is abstract but could be linked to availability, because the sooner it works, the more data remains available.

Answer 3

Fire Extinguisher

Question 4

This can provide confidentiality by protecting data from unauthorized access and integrity from unauthorized changes. It could even be stretched to provide availability if shared emergency access to information is needed by more than one person.

Answer 4

Password Policy

Question 5

This is usually associated with integrity, to protect files from tampering or to provide non-repudiation. It is also commonly used to protect data in transit from prying eyes, so it could be aiding confidentiality as well.  

Answer 5

Encryption

Question 6

This protects availability by ensuring continued access to systems during a power outage.

Answer 6

Generator

Question 7

This would most generally be associated with confidentiality and identity management, but could be argued for all three, the same as a password policy.

Answer 7

Biometrics