Question 1

What are the four stages of a basic FAIR analysis?

Accepted Answer

Stage 1-Identify Scenario Comp...

Question 2

The risk control strategy that eliminates all risk associated with an information asset by removing it from service is known as the ​termination  risk control strategy.

Accepted Answer

A) True 
 B)False

Question 3

The ISO 27005 Standard for Information Security Risk Management includes five stages including all but which of the following?

Accepted Answer

A)   risk assessment
B)   risk treatment
C)   risk communication
D)   risk determinationE) A) and B)
F) A) and C)

Question 4

Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.

Accepted Answer

A) True 
 B)False

Question 5

Which of the following determines acceptable practices based on consensus and relationships among the communities of interest.

Accepted Answer

A)   organizational feasibility
B)   political feasibility
C)   technical feasibility
D)   operational feasibilityE) All of the above
F) None of the above

Question 6

What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?

Accepted Answer

A)   cost-benefit analysis
B)   exposure factor
C)   single loss expectancy
D)   annualized rate of occurrenceE) B) and D)
F) A) and C)

Question 7

An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources,which include hardware,software,networking,and personnel is known as operational feasibility.____________

Accepted Answer

A) True 
 B)False

Question 8

A benchmark is derived by comparing measured actual performance against established standards for the measured category.____________ ​

Accepted Answer

A) True 
 B)False

Question 9

Which of the following is NOT a valid rule of thumb on risk control strategy selection?

Accepted Answer

A)   When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.
B)   When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.
C)   When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain, by using technical or operational controls.
D)   When the potential loss is substantial: Apply design principles, architectural designs, and technical and non-technical protections to limit the extent of the attack, thereby reducing the potential for loss.E) C) and D)
F) A) and B)

Question 10

By multiplying the asset value by the exposure factor,you can calculate which of the following?

Accepted Answer

A)   annualized cost of the safeguard
B)   single loss expectancy
C)   value to adversaries
D)   annualized loss expectancyE) A) and B)
F) A) and C)

Question 11

Describe operational feasibility.

Accepted Answer

Operational feasibility refers to user a...

Question 12

A process of assigning financial value or worth to each information asset.

Accepted Answer

A)  defense risk control strategy
B)  mitigation risk control strategy
C)  acceptance risk control strategy
D)  termination risk control strategy
E)  risk appetiteF) cost-benefit analysisG) cost avoidanceH) asset valuationI) organizational feasibilityJ) single loss expectancyK) A) and C)
L) B) and G)

Question 13

Once an organization has estimated the worth of various assets,what three questions must be asked to calculate the potential loss from the successful exploitation of a vulnerability?

Accepted Answer

What damage could occur,and what financi...

Question 14

A risk control strategy that eliminates all risk associatedwith an information asset by removing it from service.

Accepted Answer

A)  defense risk control strategy
B)  mitigation risk control strategy
C)  acceptance risk control strategy
D)  termination risk control strategy
E)  risk appetiteF) cost-benefit analysisG) cost avoidanceH) asset valuationI) organizational feasibilityJ) single loss expectancyK) C) and I)
L) B) and H)

Question 15

Explain two practical guidelines to follow in risk control strategy selection.

Accepted Answer

- When a vulnerability (flaw or weakness...

Question 16

Briefly describe the five basic strategies to control risk that result from vulnerabilities.

Accepted Answer

​ Defense-Applying controls and safeguar...

Question 17

Due care and due diligence occur when an organization adopts a certain minimum level of security-that is,what any prudent organization would do in similar circumstances.____________

Accepted Answer

A) True 
 B)False

Question 18

To keep up with the competition organizations must design and create a ____________ environment in which business processes and procedures can function and evolve effectively.

Accepted Answer

The answer of To keep up with the competition organizations...

Question 19

The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR,DR and BC plans is ____________________ .

Accepted Answer

The answer of The risk control strategy that seeks to...

Question 20

An examination of how well a particular solution fits within theorganization's strategic planning objectives and goals.

Accepted Answer

A)  defense risk control strategy
B)  mitigation risk control strategy
C)  acceptance risk control strategy
D)  termination risk control strategy
E)  risk appetiteF) cost-benefit analysisG) cost avoidanceH) asset valuationI) organizational feasibilityJ) single loss expectancyK) D) and J)
L) D) and F)

Exam 7: Risk Management: Controlling Risk

A benchmark is derived by comparing measured actual performance against established standards for the measured category.____________ ​

Correct AnswerverifiedShow Answer

The ISO 27005 Standard for Information Security Risk Management includes five stages including all but which of the following?

Correct AnswerverifiedShow Answer

The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR,DR and BC plans is ____________________ .

Correct AnswerverifiedShow Answer

What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?

Correct AnswerverifiedShow Answer

To keep up with the competition organizations must design and create a ____________ environment in which business processes and procedures can function and evolve effectively.

Correct AnswerverifiedShow Answer

An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources,which include hardware,software,networking,and personnel is known as operational feasibility.____________

Correct AnswerverifiedShow Answer

A risk control strategy that eliminates all risk associatedwith an information asset by removing it from service.

Correct AnswerverifiedShow Answer

Which of the following is NOT a valid rule of thumb on risk control strategy selection?

Correct AnswerverifiedShow Answer

By multiplying the asset value by the exposure factor,you can calculate which of the following?

Correct AnswerverifiedShow Answer

Describe operational feasibility.

Correct AnswerverifiedOperational feasibility refers to user a...View AnswerShow Answer

What are the four stages of a basic FAIR analysis?

Correct AnswerverifiedStage 1-Identify Scenario Comp...View AnswerShow Answer

An examination of how well a particular solution fits within theorganization's strategic planning objectives and goals.

Correct AnswerverifiedShow Answer

Which of the following determines acceptable practices based on consensus and relationships among the communities of interest.

Correct AnswerverifiedShow Answer

Due care and due diligence occur when an organization adopts a certain minimum level of security-that is,what any prudent organization would do in similar circumstances.____________

Correct AnswerverifiedShow Answer

The risk control strategy that eliminates all risk associated with an information asset by removing it from service is known as the ​termination risk control strategy.

Correct AnswerverifiedShow Answer

Once an organization has estimated the worth of various assets,what three questions must be asked to calculate the potential loss from the successful exploitation of a vulnerability?

Correct AnswerverifiedWhat damage could occur,and what financi...View AnswerShow Answer

Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.

Correct AnswerverifiedShow Answer

Explain two practical guidelines to follow in risk control strategy selection.

Correct Answerverified- When a vulnerability (flaw or weakness...View AnswerShow Answer

A process of assigning financial value or worth to each information asset.

Correct AnswerverifiedShow Answer

Briefly describe the five basic strategies to control risk that result from vulnerabilities.

Correct Answerverified​ Defense-Applying controls and safeguar...View AnswerShow Answer

A benchmark is derived by comparing measured actual performance against established standards for the measured category.____________

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Operational feasibility refers to user a...
View Answer

Correct Answer
verified
Stage 1-Identify Scenario Comp...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

The risk control strategy that eliminates all risk associated with an information asset by removing it from service is known as the termination risk control strategy.

Correct Answer
verified

Correct Answer
verified
What damage could occur,and what financi...
View Answer

Correct Answer
verified

Correct Answer
verified
- When a vulnerability (flaw or weakness...
View Answer

Correct Answer
verified

Correct Answer
verified
Defense-Applying controls and safeguar...
View Answer