IS 3110 CHAP 5

Question 1

What can you use to help quantify risks?

1. SLE
2. ARE
3. Risk assessment
4. Risk mitigation plan
5. All the above

Answer 1

ALL
 SLE
 ARE
 Risk assessment
 Risk mitigation plan

Question 2

A risk ___ is a major component of a risk management plan.

Answer 2

Assessment

Question 3

Risk assessments are a continuous process.

TRUE OR FALSE

Answer 3

FALSE

Question 4

A ___ ___ ___ uses SLE.

Answer 4

Quantitative risk assessment

Question 5

What elements are included in a qualitative analysis

1. SLE, ALE, ARO
2. ALE, ARO, ARP
3. Probability and impact
4. Threats and vulnerabilities

Answer 5

Probability and impact

Question 6

What elements are included in a quantitative analysis?

1. SLE, ALE, ARE
2. ALE, ARO, SAP
3. Probability, impact and money
4. Threats, vulnerabilities and reputation

Answer 6

SLE, ALE, ARE

Question 7

Qualitative analysis is more time consuming than quantitative analysis.
TRUE OR FALSE

Answer 7

FALSE

Question 8

You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it can be complete quicker than other methods.

Answer 8

Qualitative

Question 9

You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it includes details for a cost-benefit analysis.

Answer 9

Quantitative

Question 10

What must you define when performing a qualitative risk assessment?

1. Formulas used for ALE
2. Scales used to define probability and impact
3. Scales used to define SLE and ALE
4. Acceptable levels of risk

Answer 10

Scales used to define probability and impact

Question 11

A ___ risk assessment is objective. It uses data that can be verified.

Answer 11

Quantitative

Question 12

A ___ risk assessment is subjective. It relies on the opinions of experts.

Answer 12

Qualitative

Question 13

One of the challenges facing risk assessments is getting accurate data. What can be included in the risk assessment report to give an indication of the reliability of the data?

1. Probability statement
2. Accuracy scale
3. Validity level
4. Uncertainty level

Answer 13

Uncertainty level

Question 14

You are working on a qualitative risk assessment for your company. You are thinking about the final report. What should you consider when providing the results and recommendations? (Select two)

1. Resource allocation
2. SLE and ARO
3. Risk acceptance
4. SLE and ALE

Answer 14

Resource allocation

Risk acceptance

Question 15

Of the following, what would be considered a best practice when performing risk assessments?

1. Start with clear goals and a defined support
2. Ensure support of senior management
3. Repeat the risk assessment regularly
4. Provide clear recommendations
5. All of the above

Answer 15

ALL
 Start with clear goals and a defined support
 Ensure support of senior management
 Repeat the risk assessment regularly
 Provide clear recommendations

Question 16

Total expected loss from a given risk for a year and is calculated by multiplying SLE X ARO. It is also part of a quantitative risk assessment.

Answer 16

Annual loss expectancy (ALE)

Question 17

Number of times loss from a given threat is expected to occur in a year. It is used with the SLE to calculate the ALE and is part of a quantitative risk assessment.

Answer 17

Annualized rate of occurrence (ARO)

Question 18

The amount of the loss resulting from a threat expiating a vulnerability. The loss can be expressed in monetary terms or a relative value. It identifies the severity of the loss and is derived from the opinions of experts.

Answer 18

Impact

Question 19

Used in qualitative risk assessment. It refers to the likelihood that a risk will occur. A risk occurs when a threat exploits a vulnerability. It is derived from the opinions of experts.

Answer 19

Probability

Question 20

A subjective method used for RAs. It uses relative values based on opinions from experts. It can be completed quickly and does not have predefined formulas.

Answer 20

Qualitative Risk assessment

Question 21

An objective method used for RAs. It uses numbers such as actual dollar values. It requires a significant amount of data that can sometime be difficult to obtain. The data is then entered into a formula.

Answer 21

Quantitative Risk assessment

Question 22

This is an acronym for redundant array of independent disks. It is also called redundant array of inexpensive disks. Multiple disks are used together to provide fault tolerance. A fault can occur with a disk and the system can tolerate it and continue to operate.

Answer 22

RAID (redundant array of independent disks)

Question 23

A process used to identify and evaluate risks based on an analysis of threats and vulnerabilities to assets. Quantified based on their importance or impact severity and can be prioritized.

Answer 23

Risk assessment (RA)

Question 24

Another term for a control. Used with controls to mitigate risk. They can mitigate the risk by reducing the impact of the threat. They can also mitigate the risk but reduce the vulnerabilities.

Answer 24

Safeguard

Question 25

The actual cost of control. This data can be used to complete a cost benefit analysis.

Answer 25

Safeguard value

Question 26

Total loss resulting from a single incident. It is expressed as a dollar value. It will include the value of hardware, software, and data. It is used to help calculate ALE (ALE= SLE X ARO). It is a part of quantitative risk assessment.

Answer 26

Single loss expectancy (SLE)

Question 27

The failure of any single component that can result in the total loss of a system. It is typically addressed by adding redundancy. EX. a disk drive can be protected with a RAID configuration. In addition, failover clusters remove servers as a point of failure.

Answer 27

Single point of failure (SPOF)

Question 28

A method of indicating the accuracy of data. Data consistency is evaluated to determine a level of certainty. You can then calculate the uncertainty level as 100 minus the percentage of certainty.

Answer 28

Uncertainty level