Managing Risk Flashcards

1
Q

Which items normally appear in a risk registry?
A. Mitigation
B. Past security incidents
C. Compliance mapping
D. Owner

A

A. Mitigation: This includes the strategies and actions planned to reduce the impact or likelihood of a risk.

D. Owner: This refers to the individual or team responsible for managing and monitoring a specific risk.

2
Q

How does configuration management differ from change management?
A. Configuration management keeps systems performance at a desired level over time, change management is short-term
B. Change management keeps systems performance at a desired level over time, configuration management is short-term
C. Configuration management applies solely to security controls, change management applies to long-term system desired performance
D. Change management keeps systems performance above a specified level over time, configuration management is short-term

A

A. Configuration management keeps systems performance at a desired level over time, change management is short-term
Configuration Management: Focuses on maintaining the integrity of IT systems and applications.
Involves identifying, controlling, and auditing changes to the configuration of IT assets against a known, approved baseline.
Aims to ensure that systems are consistent, stable, and meet specific requirements.
It is a long-term process that involves ongoing monitoring and management.
Change Management: A structured approach to introducing changes to an organization's IT environment.
Involves planning, testing, approving, and implementing changes while minimizing risks and disruptions.
It is typically a short-term process, focused on a specific change and its impact.
Therefore, configuration management is the long-term process that keeps systems at their desired state, while change management is the shorter-term process that governs each individual change to that state.

3
Q

Where are Azure backup items stored?
A. Key vault
B. Storage account
C. Recovery services vault
D. Cosmos DB

A

C. Recovery Services vault
Azure Backup stores backup items in a Recovery Services vault. This vault is a secure and scalable repository that manages backup data, recovery points, and policies.

4
Q

Which Microsoft Windows Performance Monitor tool can be used to establish a performance baseline?
A. Group Policy
B. DCS
C. SLA
D. RDP

A

B. DCS
DCS stands for Data Collector Sets, a Windows Performance Monitor feature that groups performance counters (and optionally event traces and configuration data) into a single collection job, together with the sampling interval and the output log file.
Running the same Data Collector Set over a representative period of normal operation produces the performance baseline against which later measurements are compared to spot degradation or anomalous activity.
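The procedure above, as an added PowerShell example (not part of the flashcards): it creates and starts a counter-based Data Collector Set with logman, the command-line front end to Performance Monitor. The set name, output folder, and the four counters are illustrative choices, not anything the card specifies; run it from an elevated session.

```powershell
# Added example, not from the original page: build a baseline Data Collector Set.
# The name, output directory and counter list below are assumptions for illustration.
$name     = 'Baseline-Weekly'
$outDir   = 'C:\PerfLogs\Baseline'
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length',
    '\Network Interface(*)\Bytes Total/sec'
)

# logman writes the binary log (.blg) here; create the folder first.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Create the set: -c counter paths, -si sample interval (hh:mm:ss), -o output file,
# -f bin for a binary log, -v appends a timestamp so each run gets its own file.
# PowerShell passes each array element as a separate, quoted argument.
logman create counter $name -c $counters -si 00:00:15 -o "$outDir\$name" -f bin -v mmddhhmm

# Start collecting. Leave it running for a representative period (e.g. a normal business week).
logman start $name

# When the period is over, stop the set and read the captured samples back in PowerShell.
# logman stop $name
# logman query $name
# Import-Counter -Path "$outDir\*.blg" | Select-Object -First 5
```

Once a baseline file exists, the same set can be rerun after a change (patching, a new workload, a suspected compromise) and the two logs compared counter by counter in Performance Monitor or with Import-Counter.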

5
Q

Which risk treatment is synonymous with risk retention?
A. Risk transfer
B. Risk avoidance
C. Risk reduction
D. Risk acceptance

A

D. Risk acceptance.
Risk acceptance means that the organization consciously decides to accept the risk and its potential consequences.

6
Q

What is the purpose of calculating the Annual Loss Expectancy (ALE)?
A. To determine the maximum cost that should be spent on mitigating security controls
B. To determine threat likelihood
C. To determine compliance with applicable regulations
D. To determine the percentage of asset loss

A

A. To determine the maximum cost that should be spent on mitigating security controls.
Annual Loss Expectancy (ALE) is a quantitative risk assessment figure that estimates the expected financial loss from a specific risk over one year. Because spending more per year on a control than the loss it prevents makes no financial sense, the ALE sets the ceiling on what the organization should invest annually in controls for that risk.
Here is how ALE is calculated:
Single Loss Expectancy (SLE): The estimated cost of a single occurrence of the incident. It is derived from the Asset Value (AV) and the Exposure Factor (EF), the fraction of the asset's value lost in one incident: SLE = AV * EF.
Annual Rate of Occurrence (ARO): The estimated number of times the incident is expected to occur in a year (a value below 1 means less than once per year).
ALE = SLE * ARO
Comparing the ALE before and after a proposed control, minus the control's annual cost, gives the control's net value; this lets organizations prioritize risks by financial impact and allocate budget accordingly.
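The calculation above, carried through as an added example (not from the flashcards) in PowerShell. It goes one step beyond the card by also evaluating a candidate control: the control's net annual value is the ALE it removes minus what it costs, and its cost is checked against the ALE ceiling. The asset value, exposure factor, occurrence rates and control costs are constructed, hypothetical figures.

```powershell
# Added example, not from the original page. Formulas used:
#   SLE = AV * EF ; ALE = SLE * ARO ; net value of a control = ALE_before - ALE_after - annual cost.
function Get-RiskExposure {
    param(
        [Parameter(Mandatory)][string]$Risk,
        [Parameter(Mandatory)][double]$AssetValue,      # AV, in currency units
        [Parameter(Mandatory)][double]$ExposureFactor,  # EF, fraction of AV lost per incident (0..1)
        [Parameter(Mandatory)][double]$AnnualRate       # ARO, expected incidents per year
    )
    if ($ExposureFactor -lt 0 -or $ExposureFactor -gt 1) { throw 'EF must be between 0 and 1' }
    if ($AnnualRate -lt 0) { throw 'ARO cannot be negative' }
    $sle = $AssetValue * $ExposureFactor
    [pscustomobject]@{
        Risk = $Risk
        SLE  = $sle
        ARO  = $AnnualRate
        ALE  = $sle * $AnnualRate
    }
}

function Test-ControlWorthwhile {
    param(
        [Parameter(Mandatory)]$Exposure,                   # object returned by Get-RiskExposure
        [Parameter(Mandatory)][double]$AnnualControlCost,  # yearly cost of the proposed control
        [Parameter(Mandatory)][double]$ResidualARO         # ARO expected once the control is in place
    )
    $aleAfter = $Exposure.SLE * $ResidualARO
    $netValue = $Exposure.ALE - $aleAfter - $AnnualControlCost
    [pscustomobject]@{
        Risk              = $Exposure.Risk
        ALEBefore         = $Exposure.ALE
        ALEAfter          = $aleAfter
        AnnualControlCost = $AnnualControlCost
        WithinALECeiling  = $AnnualControlCost -le $Exposure.ALE   # the card's "maximum spend" test
        NetAnnualValue    = $netValue
        Recommend         = $netValue -gt 0
    }
}

# Constructed sample figures (hypothetical): a file server worth 500,000, of which a
# ransomware incident destroys 40%, expected once every two years.
$ransomware = Get-RiskExposure -Risk 'Ransomware on file server' -AssetValue 500000 -ExposureFactor 0.4 -AnnualRate 0.5
$ransomware

# Candidate A: offline backups plus EDR at 60,000 per year, expected to cut the frequency to once per ten years.
Test-ControlWorthwhile -Exposure $ransomware -AnnualControlCost 60000 -ResidualARO 0.1

# Candidate B: a 120,000 per year solution with the same residual frequency.
Test-ControlWorthwhile -Exposure $ransomware -AnnualControlCost 120000 -ResidualARO 0.1
```

With these figures the SLE is 200,000 and the ALE 100,000, so 100,000 per year is the most that should go toward this risk. Candidate A leaves a residual ALE of 20,000 and nets 20,000 per year after its own cost; candidate B costs more than the entire ALE, fails the ceiling test, and has a negative net value even though it reduces the risk by the same amount.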

7
Q

You are deploying a new antimalware program to user smartphones. Which type of security control is this? Choose more than one option.
A. Administrative
B. Detective
C. Preventative
D. Compensating

A

B. Detective
C. Preventative
An antimalware program acts as both a detective and preventative control:
Detective: It constantly scans for and detects malicious software on the device.
Preventative: It blocks and removes malicious software before it can cause harm.

8
Q

Which risk management framework stems from a European agency?
A. ENISA
B. NIST
C. ISO
D. OSI

A

A. ENISA.
ENISA, the European Union Agency for Cybersecurity, provides a comprehensive Risk Management/Risk Assessment (RM/RA) Framework. This framework offers guidelines and best practices for organizations to assess and manage cybersecurity risks effectively.

9
Q

Cybersecurity insurance is considered to be which kind of risk treatment?
A. Risk transfer
B. Risk avoidance
C. Risk acceptance
D. Risk reduction

A

A. Risk transfer.
Cybersecurity insurance is a risk treatment in which the financial impact of a cyberattack is transferred to an insurance company: by purchasing a policy, the organization shifts the potential financial burden of an incident onto the insurer. Only the financial consequence moves, however; accountability for protecting the data, regulatory liability, and reputational damage remain with the organization, and policies typically require baseline controls to be in place and exclude some losses.

10
Q

Which type of risk treatment applies security controls to reduce threat impact?
A. Risk reduction
B. Risk transfer
C. Risk acceptance
D. Risk avoidance

A

A. Risk reduction.
Risk reduction involves implementing security controls to reduce the likelihood or impact of a threat. This can include measures like:
Installing firewalls
Implementing strong access controls
Using encryption
Conducting regular security awareness training
By taking these steps, an organization can significantly reduce the potential damage caused by a successful attack.

11
Q

Which risk treatment applies when the level of risk is unacceptable?
A. Risk avoidance
B. Risk reduction
C. Risk transfer
D. Risk acceptance

A

A. Risk avoidance.
When a risk is deemed unacceptable, the most effective approach is to avoid it altogether. This involves eliminating the activity or process that gives rise to the risk.
For example, if a particular software system is identified as a significant security risk, the organization might decide to discontinue its use and adopt an alternative solution.

12
Q

You have enabled Microsoft Azure storage account replication. When the primary region for the storage account is not reachable, what should you do?
A. Failback to the primary region
B. Nothing; replication is enabled
C. Failover to the secondary region
D. Failover to the primary region

A

C. Failover to the secondary region.
With geo-redundant replication (GRS or GZRS) configured, Azure does not automatically fail the account over when its primary region becomes unreachable; a Microsoft-managed failover is only declared in a major disaster, at Microsoft's discretion. For an outage you need to recover from yourself, you initiate a customer-managed (account) failover to the secondary region, after which the former secondary becomes the new primary and the account is left locally redundant until you reconfigure geo-redundancy. Because geo-replication is asynchronous, data written after the last sync time may be lost, so check that timestamp before failing over. (With read-access geo-redundancy, RA-GRS or RA-GZRS, reads can be served from the secondary endpoint without a failover.) Failback to the original region is a later, separate failover once it is healthy again.
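The customer-managed failover described above, as an added example in Az PowerShell (not part of the flashcards). The resource group and account names are placeholders, and it assumes the account is already GRS/GZRS and that the session is signed in with Connect-AzAccount.

```powershell
# Added example, not from the original page. $rg and $account are placeholder names.
$rg      = 'rg-prod'
$account = 'stprodapp01'

# 1. Inspect replication state first. LastSyncTime bounds the data loss: writes made after it
#    had not reached the secondary, and CanFailover tells you whether a failover is possible now.
$acct  = Get-AzStorageAccount -ResourceGroupName $rg -Name $account -IncludeGeoReplicationStats
$stats = $acct.GeoReplicationStats
$stats | Select-Object Status, LastSyncTime, CanFailover

# 2. Initiate the failover yourself; Azure does not do this for you during a regional outage.
#    -Force suppresses the confirmation prompt, which matters in an unattended runbook.
if ($stats.CanFailover) {
    Invoke-AzStorageAccountFailover -ResourceGroupName $rg -Name $account -Force
} else {
    throw "Account $account cannot fail over right now (status: $($stats.Status))"
}

# 3. After failover the former secondary is the primary and the account has become locally
#    redundant (LRS). Re-enable geo-redundancy so the account is protected again; this starts
#    replication to the original region and is a prerequisite for a later failback.
Set-AzStorageAccount -ResourceGroupName $rg -Name $account -SkuName Standard_GRS
```

Before failing over in earnest, confirm that DNS and application configuration point at the account's primary endpoint by name rather than by region, so that the switch is transparent to clients, and record the LastSyncTime value for the incident report.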
