QUESTION 1

Assessing risks means to evaluate risk in terms of which two factors?

		The risks likelihood of occurring and the impact or consequences should the risk occur.
		The risks possibility of disabling the organization and the number of IT domains the occurrence will affect.
		The number of times the risk might occur and the dollar value of each occurrence.
		The number of people the risk occurrence will affect and the number of people involved in mitigating the threat.

2.00000 points

QUESTION 2

Assigning wording or some quasi-subjective value, such as critical, major, or minor, would be considered a __________ way of assessing risk.

		relative
		comparative
		qualitative
		quantitative

2.00000 points

QUESTION 3

The purpose of an IT risk assessment is to assist organizations in the:

		identification of risks and their risk impact or risk factor on each of the seven domains of a typical IT infrastructure.
		deployment of IT resources and human resources to respond to threats that have impacted the seven domains of a typical IT infrastructure.
		avoidance of liability for risks that have impacted the seven domains of a typical IT infrastructure.
		prevention of all risk that could damage the future prospects of the organization and its employees.

2.00000 points

QUESTION 4

From an IT risk assessment, organizations can make business decisions pertaining to:

		assigning responsibility and liability.
		prioritization or risk remediation solutions.
		the hierarchy of departments within the organization.
		classification of employees by importance or value.

2.00000 points

QUESTION 5

Assigning numerical values or some objective, empirical value such as Under 10% chance or Biweekly would be considered a __________ way of assessing risk.

		relative
		comparative
		qualitative
		quantitative

2.00000 points

QUESTION 6

The risk assessment you performed in the lab required you to assign a score to each of the identified risks using:

		labels from a given scale.
		a series of quantitative scores.
		the estimated dollar amount of the potential damage.
		the estimated dollar amount of noncompliance.

2.00000 points

QUESTION 7

Using qualitative scores to assess risks:

		takes the same amount of time and energy as any other method.
		is not an effective method for risk assessment.
		is comparatively tedious and time-consuming.
		is comparatively easy and quick.

2.00000 points

QUESTION 8

Using words such as critical or major in a risk assessment introduces:

		objectivity.
		subjective opinion.
		liability concerns.
		more errors and mistakes.

2.00000 points

QUESTION 9

Using a __________ scoring method for assessing risk is more objective, but can take much more time.

		relative
		comparative
		qualitative
		quantitative

2.00000 points

QUESTION 10

Referring to your organizations history or claims records by answering such questions as How often has this happened to us, or others? would be considered a __________ type of risk assessment scoring.

		relative
		comparative
		qualitative
		quantitative

2.00000 points

QUESTION 11

Researching the costs to recover from losses would be considered a __________ type of risk assessment scoring.

		relative
		comparative
		qualitative
		quantitative

2.00000 points

QUESTION 12

Which of the following statements is true regarding risk assessment?

		It is possible to assess risks both quantitatively and qualitatively.
		Risk should only be assessed by using relative or comparative methods.
		An organization should resist using quantitative methods for assessing risk.
		An organization should not use more than one method to assess risk.

2.00000 points

QUESTION 13

In the lab, which of the following was categorized with a risk impact/risk factor value of 1 or Critical?

		A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
		A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
		A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organizations intellectual property assets and IT infrastructure
		All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure

2.00000 points

QUESTION 14

In the lab, which of the following was categorized with a risk impact/risk factor value of 2 or Major?

		A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
		A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
		A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organizations intellectual property assets and IT infrastructure
		All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure

2.00000 points

QUESTION 15

In the lab, which of the following was categorized with a risk impact/risk factor value of 3 or Minor?

		A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
		A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
		A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organizations intellectual property assets and IT infrastructure
		All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure

2.00000 points

QUESTION 16

In the lab, you assigned a risk impact/risk factor value of 1, 2, or 3 based on the __________ of the risk, threat, or vulnerability.

		cost
		likelihood
		domain
		priority

2.00000 points

QUESTION 17

Which of the following statements is true regarding suggesting next steps to executive management?

		Make sure your recommendations are strictly from the IT departments point of view.
		Be prepared to explain costs, both in implementing the controls and then in maintaining the controls.
		Accountability should be explained in terms of individual liability rather than in terms of roles and responsibilities.
		Executive management will only be concerned with actual dollar costs, not goodwill or reputation, market share, or lost opportunity.

2.00000 points

QUESTION 18

In the lab, you wrote a four-paragraph __________ that summarized your findings, described the approach and prioritization of critical, major, and minor risk assessment elements, included a risk assessment and risk impact summary of the seven domains of a typical IT infrastructure, and provided recommendations and next steps for executive management.

		management overview
		risk assessment outline
		IT infrastructure recap
		executive summary

2.00000 points

QUESTION 19

Which risk-mitigation would you use for the following risk factor? User downloads and clicks on an unknown e-mail attachment

		Implement backup and data recovery policies, standards, procedures, and guidelines.
		Implement Web content filtering to enhance employee productivity.
		Implement vulnerability management and software patching.
		Implement e-mail filtering and quarantining.

2.00000 points

QUESTION 20

Which risk-mitigation would you use for the following risk factor? Weak ingress/egress traffic-filtering degrades performance

		Implement backup and data recovery policies, standards, procedures, and guidelines.
		Implement Web content filtering to enhance employee productivity.
		Implement vulnerability management and software patching.
		Implement e-mail filtering and quarantining.