Risk Management Flashcards
Which risk treatment approach involves deciding not to undertake actions or engage in activities that introduce or increase risk?
A. Mitigate
B. Avoid
C. Transfer
D. Accept
B. Avoid
Which is a form of structured data document that represents a compilation of information related to vulnerabilities, risks, and countermeasures and serves as a repository of identified risks, impact, scenarios, and potential responses?
A. Register
B. Matrix
C. Archive
D. CMDB
A. Register
Which are common types of security reporting techniques? Choose more than one option.
A. Live presentations (in-person or conferencing sessions)
B. Published to an intranet
C. Written reports and summaries
D. Request for comments
E. White papers and special publications
F. Service desk tickets
A. Live presentations (in-person or conferencing sessions)
B. Published to an intranet
C. Written reports and summaries
E. White papers and special publications
Which term describes the vulnerability that remains AFTER the mitigating controls are introduced?
A. Inherent risk
B. Residual risk
C. Positive risk
D. Total risk
B. Residual risk
What is a scientific/mathematical approach to deriving monetary values and numeric probabilities based on percentages, mathematical formulas, and calibrated estimation?
A. Quantitative analysis
B. Qualitative analysis
C. Gap analysis
D. Risk analysis
A. Quantitative analysis
Which of these are common approaches to risk identification and assessment? Choose more than one option.
A. Asymmetric
B. Recurring
C. Centralized
D. One-time
E. Ad hoc
F. Continuous
B. Recurring
D. One-time
E. Ad hoc
F. Continuous
What business impact analysis method represents the absolute maximum amount of time that a resource, service, or function can be unavailable before the entity starts to experience a catastrophic loss?
A. MTBF
B. RPO
C. MTTR
D. MTD
D. MTD (Maximum Tolerable Downtime)