Risk Management Flashcards
Which of the following is not an advantage of quantitative risk analysis?
A. Examination of real threats
B. Fast results
C. Subjective opinions
D. Dollar values
C. Subjective opinions
Which of the following is the formula for SLE?
A. SLE = AV x EF
B. SLE = AV / EF
C. SLE = ARO x EF
D. SLE = ARO x AV
A. SLE = AV x EF
Which of the following is not an advantage of qualitative risk assessments?
A. Speed
B. Use of numeric dollar values
C. Based on CIA
D. Performed by a team
B. Use of numeric dollar values
Which of the following is the formula for ALE?
A. ALE = AV x ARO
B. ALE = ARO x SLE
C. ALE = SLE / ARO
D. ALE = AV / ARO
B. ALE = ARO x SLE
Which of the following is the approach for dealing with risk that incurs an ongoing continual cost from a third party?
A. Accept
B. Avoid
C. Mitigate
D. Transfer
D. Transfer
Implementation of a firewall best maps to which of the following?
A. Accept
B. Avoid
C. Mitigate
D. Transfer
C. Mitigate
After determining the exposure factor, which is the next step of the quantitative risk assessment process?
A. Determine the SLE
B. Determine the ARO
C. Determine the SLE
D. Determine the AV
A. Determine the SLE
When problem solving, which of the following steps or guidance involves making a step-by-step list of the possibilities for testing?
A. Implement
B. Gather the facts
C. Brainstorm
D. Evaluate
A. Implement
Which of the following most helps employees know how to respond to potential security risks and incidents?
A. Brainstorm
B. Separation of duties
C. Security awareness training
D. Mandatory vacation
C. Security awareness training
A(n) _____ is any agent, condition, or circumstance that could potentially cause harm to, loss of, or damage to an IT asset or data asset, or compromise it.
A. Vulnerability
B. Risk
C. Threat
D. Exposure
C. Threat
Which of the following is not an acceptable audit standard for an auditor to follow?
A. COBIT
B. GAAP
C. FISMA
D. OpenVAS
D. OpenVAS
A(n) _____ can be described as a weakness in hardware, software, or components that may be exploited in order for a threat to destroy, damage, or compromise an asset.
A. Vulnerability
B. Threat
C. Exposure
D. Risk
A. Vulnerability
Which of the following helps describe reporting the difference between “where we are” and “where we want to be”?
A. Lessons learned report
B. After-action report
C. Audit
D. Gap analysis
D. Gap analysis
Nikto, Nessus, LanGuard, and SAINT are useful for what kind of activity?
A. Exploitation
B. Threat assessment
C. Control auditing
D. Vulnerability scanning
D. Vulnerability scanning
As one of the most well-known types of SLAs, which of the following details the agreed-on amount of uptime?
A. RTO
B. UA
C. FCR
D. TSF
B. UA