Quiz 4 Flashcards

Which risk response strategy involves transferring responsibility to a third party?
Mitigate
Avoid
Accept
Transfer
Answer: Transfer

Which of the following is NOT a component of risk management?
Control Evaluation
Risk Assessment
Risk Resolution
Risk Identification
Answer: Risk Resolution

What does the term “Risk Appetite” refer to?
The likelihood of risks occurring
The financial impact of potential risks
The amount and type of risk an organization is willing to accept
The strategy for mitigating all identified risks
Answer: The amount and type of risk an organization is willing to accept

Which of the following best describes “Residual Risk”?
Risk that has been completely eliminated
Risk that remains after controls have been applied
The total risk before any controls are applied
A low-priority risk that can be ignored
Answer: Risk that remains after controls have been applied

What is the purpose of a Disaster Recovery Plan (DRP) in risk management?
To reduce the probability of an incident occurring
To provide steps for recovering from incidents and minimizing impact
To transfer risk to another entity
To accept the risk without taking any actions
Answer: To provide steps for recovering from incidents and minimizing impact

What should be considered when selecting a risk control strategy?
The availability of insurance
The level of threat and value of the asset
The personal preferences of the risk manager
The cost of technology used in controls
Answer: The level of threat and value of the asset

What does a “Risk Owner” refer to?
The person responsible for making financial decisions
The external auditor assessing the company’s risk profile
The IT manager responsible for implementing technology controls
The individual with the accountability and authority to manage the risk
Answer: The individual with the accountability and authority to manage the risk

What is the primary purpose of risk assessment in the risk management process?
To increase company profits
To train employees on security policies
To identify new business opportunities
To evaluate the relative risk for each identified vulnerability
Answer: To evaluate the relative risk for each identified vulnerability

Which of the following is considered an asset in the risk management process?
People, procedures, data, software, hardware, and networking elements
Only confidential information
Financial statements only
Only physical items like hardware and buildings
Answer: People, procedures, data, software, hardware, and networking elements

Which risk control strategy involves doing nothing to protect against a vulnerability and accepting the outcome?
Mitigation
Transference
Avoidance
Acceptance
Answer: Acceptance