Chapter 15: Risk Analysis
Mitigate
After identifying that a buffer overflow threat against your web server exists, you implement a firewall to control communication to the web server. How have you handled the risk? A. Transfer B. Accept C. Mitigate D. Deny
Transfer
Looking at a threat against one of your assets, you have decided to get an insurance policy that covers the risk. How have you handled the risk? A. Transfer B. Accept C. Mitigate D. Deny
The identification and planning of mitigation techniques to reduce the risks to your organization
Which of the following best describes risk analysis? A. An event that can cause harm to the asset B. A weakness in the configuration of hardware or software C. When the threat to an asset can cause harm to the organization, typically resulting in a financial loss D. The identification and planning of mitigation techniques to reduce the risks to your organization
Damage to company reputation
Which of the following is an example of an intangible impact of a threat? A. Revenue loss B. Loss of production C. Damage to company reputation D. Loss of facility
SLE x ARO
Which of the following represents how you can calculate the ALE? A. SLE x EF B. SLE x ARO C. Asset value x EF D. EF x ARO
Quantitative
Which type of risk analysis involves calculating the actual dollars lost due to a threat occurring? A. Quantitative B. Loss of production C. Risk assessment D. Mitigation
Identify the assets.
You have been asked by the manager to help with some risk analysis within the company. What is the first step in performing a risk assessment? A. Identify the threats B. Identify the assets C. Identify the impact D. Evaluate residual risks
$14,400
Your company has a piece of machinery that is used to produce the main product your company sells. It has been decided that the machinery has a value of $320,000. If a part fails, your company loses 18% of the asset value with each failure. You expect the failure to occur once every four years. What is the annual loss expectancy of the threat? A. $57,000 B. $29,000 C. $57,600 D. $14,400
It is quicker than a quantitative analysis
Your manager has been reading about risk analysis and asks you what the benefit of qualitative analysis is. How would you respond? A. You are able to justify the cost because you know how much money each threat will cost you. B. You are able to calculate the ALE. C. You are able to calculate the SLE. D. It is quicker than a quantitative analysis.
Accept
A small company has identified that having the company server in the closet of a facility and not having it in a locked room presents a risk. They decide to do nothing to correct the threat. How have they handled the risk? A. Transfer B. Accept C. Mitigate D. Deny