Practice Test 6

factor analysis

As part of the risk identification process, listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

likelihood

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

Cost of prevention

Determining the cost of recovery from an attack is one calculation that must be made to identify risk. What is another?

management

Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.

Risk analysis

The identification and assessment of levels of risk in an organization describes which of the following?

False

The information technology management community of interest often takes on the leadership role in addressing risk. ____________

Risk assessment estimate factors

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

Vulnerabilities

What is defined as specific avenues that threat agents can exploit to attack an information asset?

Listing assets in order of importance

What is the final step in the risk identification process?

Threats-vulnerabilities-assets worksheet

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

IP address

Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?

MAC address

Which of the following is an attribute of a network device that is physically tied to the network interface?

Outdated servers

Which of the following is an example of a technological obsolescence threat?

relative

As each information asset is identified, categorized, and classified, a ________ value must also be assigned to it.

False

A formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme. ____________

False

An approach to combining risk identification, risk assessment, and risk appetite into a single strategy is known as risk protection. ___________

False

An asset valuation approach that uses categorical or nonnumeric values rather than absolute numerical measures is known as numberless assessment. ____________

Uncertainty

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

Comprehensive

Classification categories must be mutually exclusive and which of the following?

Legal management must develop corporate-wide standards

Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?

Relative value

Once an information asset is identified, categorized, and classified, what must also be assigned to it?

Calculating the severity of risks to which assets are exposed in their current setting

Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process?

Assigning a value to each information asset

Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process?

Product dimensions

Which of the following attributes does NOT apply to software information assets?

Manufacturer's model or part number

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?
