Quiz 3: Checkpoint: Risk Management Flashcards
As the CISO of a financial services company, you’ve become aware of unauthorized changes to financial transaction records in your database. These alterations have caused discrepancies and could lead to significant financial and reputational damage. You want to ensure that data integrity is maintained and that any future unauthorized modifications are detected. What cryptographic technique can you implement to ensure the integrity of your data and identify tampering?
A. Remote journaling
B. Incident Response Testing
C. DLP
D. Hashing
D. Hashing
Explanation:
You should implement hashing. Hashing algorithms generate a unique digital fingerprint for each transaction record, creating a secure baseline that reflects the original, unaltered state of the data. Whenever the data is accessed, transmitted, or stored, the hash can be recalculated and compared to the original. If any unauthorized modification occurs, even a minor change to the data, the new hash will differ from the original, immediately signaling tampering.
You are the new CISO of a financial institution that processes real-time transactions. To ensure business continuity, your organization must be able to immediately recover from a disaster, such as a major data center failure, without losing any transaction data. What type of disaster recovery solution should you implement?
A. Cold Site
B. Warm Site
C. Hot Site
D. Cloud Site
C. Hot Site
Explanation:
You should implement a hot site. Though costly, a hot site is a fully operational backup data center that continuously mirrors your production environment and data in real time. This allows for instant failover in the event of a disaster, ensuring zero data loss and immediate recovery of operations.
As the CIO of a large corporation, you are tasked with selecting a biometric access control system for your data centers. You are comparing two systems, one that uses fingerprint recognition and another that uses facial recognition. The vendors have provided the following performance data: Fingerprint system: Crossover Error Rate (CER) of 0.04%. Facial recognition system: Crossover Error Rate (CER) of 0.06%. Based on the CER, which system will provide the fewest False Acceptances and False Rejections and represents the best overall choice?
A. The Fingerprint System
B. The Facial Recognition System
C. Neither
D. They are the same
A. The Fingerprint System
Explanation:
Use the Crossover Error Rate (CER) to choose between the systems, as it represents the intersection between the False Acceptance Rate (FAR) and False Rejection Rate (FRR). The system with the lowest CER is the best choice, which in this case is the fingerprint system with a CER of 0.04%.
As the CISO of a government contractor, you’re responsible for ensuring your organization’s cybersecurity practices comply with federal standards, including FISMA, the Federal Information Security Management Act. You need to adopt a risk assessment framework that will help manage cybersecurity risks while meeting your federal requirements. Which risk assessment framework should you choose?
A. FAIR
B. OCTAVE
C. NIST RMF
D. OWASP ASVS
C. NIST RMF
Explanation:
The NIST Risk Management Framework (RMF) is designed specifically for managing cybersecurity risks in accordance with federal standards like FISMA. It provides a structured process for integrating security and risk management activities into the system development life cycle and ensures compliance with federal requirements.
As the technical lead analyst for a healthcare organization, you’ve helped implement a variety of security measures, such as encryption, firewalls, and intrusion detection systems, to safeguard patient data. Even with these controls in place, you’re aware that some level of risk still exists, particularly with the rise of advanced cyber threats. How can you categorize and label the risk that exists even after all your mitigations have been put in place?
A. Inherent Risk
B. Residual Risk
C. Risk Elimination
D. Risk Transference
B. Residual Risk
Explanation:
Residual risk is the level of risk that remains after all security controls and mitigation efforts have been implemented.