363 Quiz1

1. Which of the following statements best describes risk?

The probability of loss of a valued resource
2. In which of the IT domains is a hub considered a major component of risk?
***Unknown NOT USER DOMAIN
***LAN DOMAIN
3. How does risk management impact an organization?
Affects the survivability
4. Which of the following is not a technique for dealing with vulnerabilities?
Cost-benefit analysis
5. Which of the following statements about threats is not accurate?
Threats can be eliminated completely
6. What would you most commonly do to reduce the potential risk from a threat/vu
lnerability pair?
Reduce the vulnerability
7. After implementing several security controls, what should be done to ensure t
he controls are performing as expected?
Continuous monitoring
8. What is the most common target of perpetrators initiating an exploit?
Public-facing servers
9. Which of the following is a U.S. organization that publishes the Special Publ
ication 800 (SP 800) series of documents?
NIST
10. What U.S. organization routinely publishes free cybersecurity-related alerts
and tips, and includes the ability to subscribe to e-mail alerts for cybersecur
ity topics?
NO **** Unknown NOT CVE
NO *** DHS - NCSD - Cybersecurity and the National Cyber Alert System...
? - US- CERT********************************************************************
*****
11. Companies are expected to understand and abide by any laws that apply to the
m. What is this commonly called?
Compliance
12. To which of the following would HIPAA apply?
Health insurance companies
13. What is the first step you would take when creating a HIPAA compliance plan?
Assessment
14. Which agency enforces the Sarbanes-Oxley Act (SOX)?
SEC
15. To which of the following would SOX apply?
Publicly traded companies
16. Which of the following is not one of the objectives of a risk management pla
n?
Eliminate risk

17. Which portion of a risk management plan explains the extent to which the pla
n will be organized and carried out?
Scope
18. What is scope?
Boundaries of a plan
19. Of the following choices, what is not a responsibility of a project manager
for a risk management plan?
Ensuring team members do not work on other projects
20. Which of the following will be included in a risk management report?
Recommendations

Question 1 of 20 5.0/ 5.0 Points

Why is a risk assessment valuable for an organization? A.Helps protect assets
B.Helps plan employee vacation timing
C.Identifies future capital investments
D.Helps protect management Feedback:
pg. 114 Question
2 of 20 5.0/ 5.0 Points
Which of the following statements regarding a risk assessment (RA) is true?
A.Ideally an RA will not be limited by a scope
B.An RA is an ongoing process
C.An RA is designed to eliminate risk
D.An RA provides an assessment for a point in time Feedback:
pg. 114 Question
3 of 20 5.0/ 5.0 Points
What type of risk assessment uses a subjective method to assess a risk?
A.Ongoing
B.Probability-based
C.Qualitative
D.Quantitative Feedback:
pg. 118 Question 4 of 20 5.0/ 5.0 Points