You can completely eliminate risk in an IT environment.
- Tutor-571
Patrick Prince
Managing Risk in Information Systems
Chapter 1 Assessment
1. Which one of the following properly defines risk?
A. Threat x Mitigation
B. Vulnerability x Controls
C. Controls x Residual Risk
D. Threat x Vulnerability
2. Which one of the following properly defines total risk?
A. Threat x Mitigation
B. Threat x Vulnerability x Asset Value
C. Vulnerability x Controls
D. Vulnerability x Controls
3. You can completely eliminate risk in an IT environment.
A. True
B. False
4. Which of the following are accurate pairings of threat categories? (Select two.)
A. External and internal
B. Natural and supernatural
C. Intentional and accidental
D. Computer and user
5. A loss of client confidence or public trust is an example of a loss of ________.
6. A ________ is used to reduce a vulnerability.
7. As long as a company is profitable, it does not need to consider survivability.
A. True
B. False
8. What is the primary goal of an information security program?
A. Eliminate losses related to employee actions
B. Eliminate losses related to risk
C. Reduce losses related to residual risk
D. Reduce losses related to loss of confidentiality,
9. The ________ is an industry-recognized standard list of common vulnerabilities.
10. Which of the following is a goal of risk management?
A. Identify the correct cost balance between risk and controls
B. Eliminate risk by implementing controls
C. Eliminate the loss associated with risk
D. Calculate value associated with residual risk
11. If the benefits outweigh the cost, a control is implemented. Costs and benefits are identified by completing a ________.
12. A company decides to reduce losses of a threat by purchasing insurance. This is known as risk ________.
13. What can you do to manage risk? (Select three.)
A. Accept
B. Transfer
C. Avoid
D. Migrate
14. You have applied controls to minimize risk in the environment. What is the remaining risk called?
A. Remaining risk
B. Mitigated risk
C. Managed risk
D. Residual risk
15. Who is ultimately responsible for losses resulting from residual risk?
A. End users
B. Technical staff
C. Senior management
D. Security personnel
CHAPTER 2 | Managing Risk: Threats, Vulnerabilities, and Exploits
- Submitted On 14 Jul, 2018 05:02:48