Contingencies and Risk Analysis Economics Solved Quiz

1.Which of the following statements are validated or verified via risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

A

Security is measurable.

B

Security is cost effective.

C

Security is responsive to threat.

D

Security completely protects an environment.

2.Which of the following represents accidental or intentional exploitations of vulnerabilities?

A

Breaches

B

Threat agents

C

Risks

D

Threat events

3.STRIDE is often used in relation to assessing threats against applications or operating systems. Which of the following is not an element of STRIDE?

A

Spoofing

B

Disclosure

C

Repudiation

D

Elevation of privilege

4.Which of the following information does a business case include?

Each correct answer represents a complete solution. Choose all that apply.

A

Risks and contingencies

B

Methods and assumptions

C

Recommendations

D

Testing strategies

5.Which of the following are the cost functions that are related to quantitative risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

A

Annualized loss expectancy

B

Annualized rate of occurrence

C

Double profit gain

D

Single loss expectancy

6.Which of the following access controls includes the hardware or software mechanisms used to manage access and provide protection for resources and systems?

A

Administrative

B

Technical

C

Physical

D

Corrective

7.Which of the following elements of risk management eliminates vulnerabilities and protects the system against threats?

A

Exposure

B

Risk

C

Asset

D

Safeguard

8.Risk analysis provides higher management with the details necessary to determine which risks should be mitigated, transferred, and accepted. Which of the following statements are true of risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

A

It uses public key cryptography to digitally sign records for a DNS lookup.

B

It facilitates slave DNS servers in transferring records from the master server to a slave server.

C

It recognizes risks, quantifies the impact of threats, and supports budgeting for security.

D

It adjusts the requirements and objectives of the security policy with business o

9.Which of the following is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program?

A

Timing

B

Stress

C

Fuzz

D

Recovery

10.Vulnerabilities and risks are evaluated based on their threats against which of the following?

A

One or more of the CIA Triad principles

B

Data usefulness

C

Due care

D

Extent of liability

11.Which of the following contains the primary goals and objectives of security?

A

The CIA Triad

B

A network’s border perimeter

C

The internet

D

A stand-alone system

12.Which of the following steps are included in the RMF (risk management framework)?

Each correct answer represents a part of the solution. Choose all that apply.

A

Select an initial set of baseline security controls for the information system.

B

Implement the security controls and explain how the controls are employed within the information system.

C

Document any exceptions to the classification policy that are discovered, and integrate them into the evaluation criteria.

D

Categorize the information system and the information processed, stored, and transmitted.

13.When an employee is to be terminated, which of the following should be done?

A

Inform the employee a few hours before they are officially terminated.

B

Disable the employee’s network access just as they are informed of the termination.

C

Send out a broadcast email informing everyone that a specific employee is to be terminated.

D

Wait until you and the employee are the only people remaining in the building before ann

14.Which of the following are tactical documents that specify steps or methods to accomplish the goals and overall direction defined by security policies?

A

Standards

B

Guidelines

C

Procedures

D

Baselines

15.Which of the following would generally not be considered an asset in a risk analysis?

A

Users’ personal files

B

A development process

C

An IT infrastructure

D

A proprietary system r

16.Mark receives an e-mail in his inbox that reads “All employees should attend phone training in the seminar hall before using their newly installed digital phones.” Which of the following is this email an example of?

A

Procedure

B

Security policy

C

Regulatory policy

D

Company guideline

17.Auditing is a required factor to sustain and enforce what?

A

Accountability

B

Redundancy

C

Accessibility

D

Confidentiality

18._______________ refers to keeping information confidential that is personally identifiable or that might cause harm, embarrassment, or disgrace to someone if revealed.

A

Concealment

B

Privacy

C

Criticality

D

Seclusion

19.Which of the following is not considered a violation of confidentiality?

A

Social engineering

B

Stealing passwords

C

Eavesdropping

D

Hardware destruction

20.Qualitative risk analysis enables an individual to identify potential risks, and assets and resources which are susceptible to these risks. Which of the following statements are true of qualitative risk analysis?

Each correct answer represents a complete solution. Choose all that apply.

A

It provides useful and meaningful results.

B

It supports automation.

C

It includes judgment, intuition, and experience.

D

It depends more on scenarios rather than calculations.

21.Separation of duties comes under which of the following access controls?

A

Directive

B

Preventive

C

Corrective

D

Detective

22.Which of the following is not considered an example of data hiding?

A

Preventing an authorized reader of an object from deleting that object

B

Keeping a database from being accessed by unauthorized visitors

C

Restricting a subject at a lower classification level from accessing data at a higher classification level

D

Preventing an application from accessing hardware directly

23.What element of data categorization management can override all other forms of access control?

A

Taking ownership

B

Classification

C

Physical access

D

Custodian responsibilities

24.A portion of the __________________ is the logical and practical investigation of business processes and organizational policies. This process/policy review ensures that the stated and implemented business tasks, systems, and methodologies are practical, efficient, and cost-effective, but most of all (at least in relation to security governance) that they support security through the reduction of vulnerabilities and the avoidance, reduction, or mitigation of risk.

A

Documentation review

B

Countermeasure selection

C

Risk aversion process

D

Hybrid assessment

25.What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions?

A

Awareness

B

Training

C

Termination

D

Education

26.Which of the following concepts represent the three fundamental principles of information security?

Each correct answer represents a complete solution. Choose all that apply.

A

Privacy

B

Integrity

C

Confidentiality

D

Availability

27.While performing a risk analysis, you identify a threat of fire and a vulnerability because there are no fire extinguishers. Based on this information, which of the following is a possible risk?

A

System malfunction

B

Damage to equipment

C

Virus infection

D

Unauthorized access to confidential information

28.Which of the following is a primary purpose of an exit interview?

A

To evaluate the exiting employee’s performance

B

To cancel the exiting employee’s network access accounts

C

To return the exiting employee’s personal belongings

D

To review the nondisclosure agreement

29.Which type of security plan is designed to be a forward-looking document pointing out goals to achieve in a five-year time frame?

A

Operational

B

Tactical

C

Strategic

30.Which policy discusses activities and behaviors that are acceptable and defines consequences of violations, within an organization?

A

Acceptable use

B

Informative

C

Advisory

D

Regulatory

31.Which of the following focuses on verifying compliance with stated security objectives, requirements, regulations, and contractual obligations?

A

Ownership

B

Data classification

C

Third-party governance

D

Procedure

32.When a safeguard or a countermeasure is not present or is not sufficient, what remains?

A

Penetration

B

Risk

C

Exposure

D

Vulnerability

33.When evaluating safeguards, what is the rule that should be followed in most cases?

A

The annual costs of safeguards should not exceed 10 percent of the security budget.

B

The expected annual cost of asset loss should not exceed the annual costs of safeguards.

C

The annual costs of safeguards should equal the value of the asset.

D

The annual costs of safeguards should not exceed the expected annual cost of asset loss.

34.Which of the following is defined as the cost related to only one realized risk against a particular asset?

A

Exposure factor

B

Annualized rate of occurrence

C

Single loss expectancy

D

Annualized loss expectancy

35.The exposure factor is defined as the percentage of loss experienced by an organization when a specific asset is violated by a realized risk. Which of the following statements are true of the exposure factor?

Each correct answer represents a complete solution. Choose all that apply.

A

Its value is small for assets that can be easily replaced, for example hardware.

B

Its value is large for assets that cannot be replaced, for example product designs, or a database of customers.

C

It is the expected frequency of occurrence of a particular threat or risk in a single year.

D

It is also known as the loss potential.

36.Mark reads the following lines in the document from his workstation:

  1. Access the Aspen Bridge by telnet.
  2. Enter into privileged mode.
  3. Execute command 6 and press Enter.
  4. Load the config file.
  5. Hit Run.

What type of document is Mark reading?

A

Security policy

B

Procedure

C

Guideline

D

Regulatory policy

37.A security policy is defined as the document that describes the scope of an organization’s security requirements. Which of the following statements are true of a security policy?

Each correct answer represents a complete solution. Choose all that apply.

A

It provides security solutions to provide necessary protection against security threats.

B

It includes assets that are to be protected.

C

It uses public key cryptography to digitally sign records for a DNS lookup.

D

It facilitates slave DNS servers to transfer records from the master server to a slave server.

38.Which of the following is not an element of the risk analysis process?

A

Creating a cost/benefit report for safeguards to present to upper management

B

Selecting appropriate safeguards and implementing them

C

Evaluating each threat event as to its likelihood of occurring and cost of the resulting damage

D

Analyzing an environment for risks

39.By using which analysis does a group reach an anonymous consensus while all members of that group are in the same room?

A

Survey

B

Delphi technique

C

Brainstorming

D

Storyboarding

40.Which of the following approaches should you consider while preparing and conducting a risk assessment?

Each correct answer represents a complete solution. Choose all that apply.

A

Create a business continuity plan.

B

Create a regulatory policy.

C

Identify a consistent risk assessment methodology.

D

Perform the risk and vulnerability assessment as per the defined standard.

41.Which commercial business/private sector data classification is used to control information about individuals within an organization?

A

Confidential

B

Private

C

Sensitive

D

Proprietary

42.Qualitative risk analysis includes judgment, intuition, and experience. Which of the following methods are used to perform qualitative risk analysis?

A

Checklists

B

All of these

C

Delphi technique

D

Brainstorming

43.Which of the following is the most important and distinctive concept in relation to layered security?

A

Parallel

B

Filter

C

Multiple

D

Seri

44.What ensures that the subject of an activity or event cannot deny that the event occurred?

A

CIA Triad

B

Hash totals

C

Nonrepudiation

D

Abstraction

45.Which of the following defines the expected behavior from a security mechanism?

A

Instant messaging

B

Security function

C

Provisioning

D

Encapsulation

46.When seeking to hire new employees, what is the first step?

A

Set position classification.

B

Create a job description.

C

Request résumés.

D

Screen candidates

47.What is the primary objective of data classification schemes?

A

To control access to objects for authorized subjects

B

To manipulate access controls to provide for the most efficient means to grant or restrict functionality

C

To establish a transaction trail for auditing accountability

D

To formalize and stratify the process of securing data based on assigned labels of importance and sensitivity

48.Which of the following is typically not a characteristic considered when classifying data?

A

National security implications

B

Useful lifetime

C

Size of object

D

Value

49.You work as a security manager for an organization. Your organization has been facing network and software security threats in the last few months. You want to make a new security policy to enhance the safety of your information system. Which of the following features should your security policy support?

Each correct answer represents a complete solution. Choose all that apply.

A

It should define the acceptable risk levels.

B

It should define the security goals and practices that are necessary to protect the crucial interests of your organization.

C

It should define the configuration items.

D

It should define the overall security strategy.

50.If a security mechanism offers availability, then it offers a high level of assurance that authorized subjects can _____________________ the data, objects, and resources.

A

Control

B

Audit

C

Access

D

Repudiate

51.Which of the following involves reading the exchanged materials and verifying them against standards and expectations?

A

Regulatory policy

B

Documentation review

C

Procedure

D

Security poli

52.Which of the following BIA terms identifies the amount of money a business expects to lose to a given risk each year?

A

EF

B

ALE

C

SLE

D

ARO

53.What is the primary goal of change management?

A

Keeping users informed of changes

B

Allowing rollback of failed changes

C

Preventing security compromises

D

Maintaining documentation

55.Who has the authority to grant access to a subject in the discretionary access control method?

A

Owner

B

Auditor

C

Custodian

D

User

56.What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions?

A

Training

B

Awareness

C

Education

D

Termination

58.Which of the following is the lowest military data classification for classified data?

A

Sensitive

B

Private

C

Proprietary

D

Secret

59.How is the value of a safeguard to a company calculated?

A

ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguard

B

Total risk – controls gap

C

ALE after implementing safeguard + annual cost of safeguard – controls gap

D

ALE before safeguard * ARO of safeguard

60.What are the two common data classification schemes?

A

Military and private sector

B

Classified and unclassified

C

Private sector and unrestricted sector

D

Personal and government

61.How is the value of a safeguard to a company calculated?

A

ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguard

B

ALE before safeguard * ARO of safeguard

C

ALE after implementing safeguard – annual cost of safeguard – controls gap

D

Total risk – controls gap

62.Single loss expectancy (SLE) is defined as the cost related to a single realized risk against a particular asset. Which of the following statements relates to single loss expectancy?

A

It represents the possible yearly cost of all instances of a particular realized threat against a particular asset.

B

It represents the percentage of loss experienced by an organization when a specific asset is violated by a realized risk.

C

It represents the exact amount of loss that an organization experiences when an asset gets damaged by a particular threat.

D

It represents expected frequency of occurrence of a particular threat or risk within a single year.

63.Which of the following makes sure that all parties involved are in agreement with all the issues of concern?

A

Open document exchange

B

Data classification

C

Ownership

D

Procedure.
