Questions and Answers of
Managing Risk In Information Systems
Which of the following security principles divides job responsibilities to reduce fraud? A. Need to know B. Least privilege C. Separation of duties D. Mandatory vacations
What can be used to ensure that unauthorized changes are not made to systems? A. Input validation B. Patch management C. Version control D. Configuration management
What are two types of intrusion detection systems? A. Intentional and unintentional B. Natural and man-made C. Host based and network based D. Technical and physical
A technical control prevents unauthorized personnel from having physical access to a secure area or secure system. A. True B. False
What allows an attacker to gain additional privileges on a system by sending unexpected code to the system? A. Buffer overflow B. MAC flood C. Input validation D. Spiders
What is hardening a server? A. Securing it from the default configuration B. Ensuring it cannot be powered down C. Locking it in a room that is hard to access D. Enabling necessary protocols and services
Which of the following steps could be taken to harden a server? A. Removing unnecessary services and protocols B. Keeping the server up to date C. Changing defaults D. Enabling local firewalls E. All of
Which government agency includes the Information Technology Laboratory and publishes SP 800-30? A. NIST B. DHS C. NCCIC D. US-CERT
Which of the following is a Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Lifecycle Approach? A. SP 800-34 B. SP 800-35 C. SP 800-37 D. SP 800-84
Which U.S. government agency regularly publishes alerts and bulletins related to security threats? A. NIST B. FBI C. US-CERT D. MITRE Corporation
The CVE list is maintained by _______.
What is the standard used to create information security vulnerability names? A. CVE B. MITRE C. DISA D. CSI
Which one of the following properly defines risk? A. Threat × Mitigation B. Vulnerability × Controls C. Controls − Residual risk D. Threat × Vulnerability
Which one of the following properly defines total risk? A. Threat − Mitigation B. Threat × Vulnerability × Asset value C. Vulnerability − Controls D. Vulnerability × Controls
The best bet is to reduce risk to a level that can be accepted. A. True B. False
A loss of client confidence or public trust is an example of a loss of _______.
A _______ is used to reduce a vulnerability.
As long as a company is profitable, it does not need to consider survivability. A. True B. False
What is the primary goal of an information security program? A. To eliminate losses related to employee actions B. To eliminate losses related to risk C. To reduce losses related to residual risk D. To
The _______ is an industry-recognized standard list of common vulnerabilities.
Which of the following is a goal of risk management? A. To identify the correct cost balance between risk and controls B. To eliminate risk by implementing controls C. To eliminate the loss associated
If the benefits outweigh the cost, a control is implemented. Costs and benefits are identified by completing a _______.
A company decides to reduce losses of a threat by purchasing insurance, which is known as risk _______.
After controls to minimize risk in the environment have been applied, what is the remaining risk called? A. Remaining risk B. Mitigated risk C. Managed risk D. Residual risk
Who is ultimately responsible for losses resulting from residual risk? A. End users B. Technical staff C. Senior managers D. Security personnel