Chapter 4

Qualitative risk-analysis is a list of identified risks that results from the risk-identification process. (T/F)

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process. (T/F)

False

Risks can be a positive thing, and a risk management plan should address positive and negative risk occurrences. (T/F)

True

Single Loss Expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value x EF. (T/F)

True

A parallel test evaluates the effectiveness of the ____________ by enabling full processing capability at an alternate data center without interrupting the primary data center. a. DRP b. Security Plan c. BIA d. BCP

a. DRP

Which of the following is the definition of business driver? a. The estimated loss due to a specific, realized threat. b. The process of identifying, assessing, prioritizing, and addressing risks. c. A comparison of security controls in place that are needed to address all identified threats. d. The collection of components, including people, information, and conditions that support business objectives.

d. The collection of components, including people, information, and conditions that support business objectives.

Annual Loss Expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks. (T/F)

False

Residual risk is a risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity. (T/F)

False

Having too many risks in the risk register is much better than overlooking any severe risk that does occur. (T/F)

True

The term Annual Rate of Occurrence (ARO) describes the annual probability that a stated threat will be realized. (T/F)

True

The term Risk Management describes the process of identifying, assessing, prioritizing, and addressing risks. (T/F)

True

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks. (T/F)

True

What is meant by Risk Register? a. A list of identified risks that results from the risk-identification process. b. The estimated loss due to a specific realized threat. c. A comparison of security controls in place and controls that are needed to address all identified threats. d. The process of identifying, assessing, prioritizing, and addressing risks.

a. A list of identified risks that results from the risk-identification process.

The recovery point objective (RPO) identifies the amount of _______________ that is acceptable. a. Data Loss b. Risk c. Time to Recover d. Support

a. Data Loss

Your ____________ plan shows that you have examined risks to your organization and have developed plans to address each risk. a. Risk-Response b. Business c. Compliance d. Disaster

a. Risk-Response

The process of managing risks starts by identifying _______________. a. Risks b. Business Drivers c. Exposure Factor (EF) d. Standards

a. Risks

What is the Project Management Body of Knowledge (PMBOK)? a. A description of how you will manage overall risk. It includes the approach, required information, and techniques to address each risk. b. A collection of the knowledge and best practices of the project management profession. c. Any risk that exists but has a defined response. d. The collection of components, including people, information, and conditions that support business objectives.

b. A collection of the knowledge and best practices of the project management profession.

Information security activities directly support several common business drivers, including _________________ and efforts to protect intellectual property. a. Quantitative Risk Analysis b. Compliance c. Regulations d. Confidentiality

b. Compliance

_____________ is rapidly becoming an increasingly important aspect of enterprise computing. a. Risk Methodology b. Disaster Recovery c. Risk Analysis d. Risk Management

b. Disaster Recovery

A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption. a. Business Continuity Plan (BCP) b. Disaster Recovery Plan (DRP) c. Business Impact Analysis (BIA) d. Risk Methodology

b. Disaster Recovery Plan (DRP)

RTO identifies the maximum allowable ____________ to recover the function. a. Support b. Time c. Risk d. Data Loss

b. Time

A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability. a. True Downtime Cost b. Business Impact Analysis (BIA) c. Business Continuity Plan (BCP) d. Risk Register

c. Business Continuity Plan (BCP)

What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them? a. Annual Loss Expectancy (ALE) b. Quantitative Risk Analysis c. Qualitative Risk Analysis d. Gap Analysis

c. Qualitative Risk Analysis

The goal of ____________ is to quantify possible outcomes of risk, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks. a. Qualitative Risk Analysis b. Annual Rate of Occurrence (ARO) c. Quantitative Risk Analysis d. Risk Register

c. Quantitative Risk Analysis

Any organization that is serious about security will view _________________ as an ongoing process. a. Gap Analysis b. Standards c. Risk Management d. Business Objectives

c. Risk Management

What is the difference between a BCP and a DRP? a. A BCP does not specify how to recover from disasters, just interruptions b. A DRP is part of a BCP c. A DRP directs the actions necessary to recover resources after a disaster d. All of the above

d. All of the above

____________ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage. a. Annual Rate of Occurrence (ARO) b. Risk Management c. Business Drivers d. Exposure Factor (EF)

d. Exposure Factor (EF)

What name is given to any risk that exists but has a defined response? a. Risk Register b. Quantitative Risk Analysis c. Risk Management d. Residual Risk

d. Residual Risk
