Question: QUESTION 9 Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over
QUESTION 9
Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?
QUESTION 10
A document used to track the progress of remediating identified risk.
| a. | Risk Assessment | |
| b. | POA&M | |
| c. | Risk Profile | |
| d. | Vulnerability Assessment | |
1 points
QUESTION 11
If a hacker hacks in to a hospital and changes a patients blood type on his patient healthcare record, which of the following security services was the one that was principally violated?
| a. | Integrity | |
| b. | Authentication | |
| c. | Availability | |
| d. | Confidentiality |
1 points
QUESTION 12
What are valid contents of a risk management plan?
| a. | Scope | |
| b. | POA&M | |
| c. | Objectives | |
| d. | Recommendations | |
| e. | All of the above |
1 points
QUESTION 13
Which of the following is not a U.S. Government risk management initiative or program?
| a. | ITIL | |
| b. | DHS NCCIC | |
| c. | MITREs CVE List | |
| d. | US-CERT |
1 points
QUESTION 14
The possibility that a negative event will occur is known as a/an:
| a. | exploit | |
| b. | risk | |
| c. | threat | |
| d. | vulnerablity |
1 points
QUESTION 15
A weak password, or a firewall that has been improperly configured, is considered a/an:
| a. | threat | |
| b. | vulnerability | |
| c. | exploit | |
| d. | risk |
1 points
QUESTION 16
You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?
| a. | Spend whatever it takes to ensure that this data is safe. | |
| b. | Accept the risk, | |
| c. | Spend the $50,000 to mitigate the risk | |
| d. | Spend $25,000 on cyber insurance to transfer the risk |
1 points
QUESTION 17
NISTs Special Publication 800-30 describes what
| a. | How to perform a risk assessment | |
| b. | A framework of good practices | |
| c. | Certification and accreditation practices | |
| d. | Maturity levels associated with CMMI |
1 points
QUESTION 18
A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as
| a. | Acceptance | |
| b. | Avoidance | |
| c. | Mitigation | |
| d. | Transfer |
1 points
QUESTION 19
Which of the following is an example of an intangible asset?
| a. | Server software | |
| b. | Sales database | |
| c. | Good will or the branding that is associated with a well-liked product | |
| d. | Server hardware |
1 points
QUESTION 20
Which of the following is the formula used to calculate the risk that remains after you apply controls?
| a. | ALE=SLExARO | |
| b. | Risk=Threat X Vulnerability | |
| c. | Residual Risk = Total Risk - Controls | |
| d. | Total Risk=Thrat X Vulnerability X Assest Value |
1 points
QUESTION 21
A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.
| a. | Job Rotation | |
| b. | Need to Know | |
| c. | Acceptable Use | |
| d. | Separation of Duties |
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help