Risk Management

Question 1

A script kiddie is a classic example of a(n) _________.

attacker

threat

threat actor

Answer 1

threat actor

A script kiddie is a classic example of a threat actor

Question 2

Risk is often considered formulaically as

Risk = Probability × Threat

Risk = Threat × Impact

Risk = Probability × Impact

Answer 2

Risk = Probability × Impact

Risk is often considered formulaically as Risk = Probability × Impact

Question 3

A company makes a document called “Acceptable Use” that defines what the company allows users to do and not do on their work systems. The company requires new employees to read and sign this. What is this type of document called?

Standard

Policy

Procedure

Answer 3

Policy

Policies are normally written documents that define an organization’s goals and actions. Acceptable use policies are very common

Question 4

A ___________ is a description of a complex process, concentrating on major steps and the flows between the steps.

law

procedure

framework

Answer 4

framework

A framework is a description of a complex process, concentrating on major steps and the flows between the steps

Question 5

No Trespassing sign is an example of a __________ control.

deterrent

preventative

detective

Answer 5

deterrent

A deterrent control deters a threat actor from performing a threat. A No Trespassing sign is a good example

Question 6

A lock on the door of a building is an example of a __________ control.

deterrent

preventative

detective

Answer 6

preventative

A preventative control stops threat actors from performing a threat. Locks are a notable example

Question 7

An asset’s exposure factor is measured in _______ .

dollars

percentages

units

Answer 7

percentages

Exposure factor is measured in terms of a percentage of loss to the value of that asset

Question 8

Which of the following equations is correct?

Single Loss Expectancy = Asset Value × Exposure Factor

Annualized Rate of Occurrence = Asset Value × Exposure Factor

Annualized Loss Expectancy = Asset Value × Exposure Factor

Answer 8

Single Loss Expectancy = Asset Value × Exposure Factor

The only correct equation is Single Loss Expectancy = Asset Value × Exposure Factor

Question 9

Financial is one type of business impact. Which of the following names another?

Technical

Device

Reputation

Answer 9

Reputation

Of the choices listed, only reputation is a common business impact

Question 10

Which of the following represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component?

MTTR

MTBF

MTMB

Answer 10

MTBF

Mean time between failures (MTBF) represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component