
Study Flashcards

Which of the following attributes does NOT apply to software information assets?


A) Serial number
B) Controlling entity
C) Manufacturer name
D) Product dimensions

E) A) and C)
F) All of the above


The identification and assessment of levels of risk in an organization describes which of the following?


A) Risk analysis
B) Risk identification
C) Risk management
D) Risk reduction

E) None of the above
F) C) and D)


The probability that a specific vulnerability within an organization will be the target of an attack is known as risk. ____________

A) True
B) False


The recognition, enumeration, and documentation of risks to an organization's information assets is known as risk control. ____________

A) True
B) False


How should the initial inventory be used when classifying and categorizing assets?

Correct Answer


The inventory should reflect the sensiti...


Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.


As part of the risk identification process, listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

Correct Answer


factor ana...


Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process?


A) Determining the likelihood that vulnerable systems will be attacked by specific threats
B) Calculating the severity of risks to which assets are exposed in their current setting
C) Assigning a value to each information asset
D) Documenting and reporting the findings of risk identification and assessment

E) All of the above
F) B) and C)


An approach to combining risk identification, risk assessment, and risk appetite into a single strategy.


A) risk management
B) risk analysis
C) classification categories
D) risk identification
E) field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet

K) B) and J)
L) A) and E)


MAC addresses are considered a reliable identifier for devices with network interfaces, since they are essentially foolproof.

A) True
B) False

Correct Answer


False

An evaluation of the dangers to information assets, including a determination of their potential to endanger the organization.


A) risk management
B) risk analysis
C) classification categories
D) risk identification
E) field change order
F) threat assessment
G) risk appetite
H) qualitative assessment
I) residual risk
J) ranked vulnerability risk worksheet

K) A) and G)
L) C) and G)


Why is threat identification so important in the process of risk management?

Correct Answer


Any organization typically faces a wide variety of threats. If you assume that every threat can and will attack every information asset, then the project scope becomes too complex. To make the process less unwieldy, each step in the threat identification and vulnerability identification processes is managed separately and then coordinated at the end. At every step, the manager is called on to exercise good judgment and draw on experience to make the process function smoothly.

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

Correct Answer


likelihood...


Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?


A) Name
B) MAC address
C) Serial number
D) Manufacturer's model or part number

E) A) and B)
F) A) and D)


What are the included tasks in the identification of risks?

Correct Answer


Creating an inventory of information ass...


An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?


A) Risk determination
B) Assessing potential loss
C) Likelihood and consequences
D) Uncertainty

E) A) and B)
F) A) and C)

Correct Answer


D

Discuss the trends in frequency of attacks and how that plays into a risk management strategy.

Correct Answer


The number of detected attacks is steadi...


The information technology management community of interest often takes on the leadership role in addressing risk. ____________

A) True
B) False


Classification categories must be ____________________ and mutually exclusive.


Once an information asset is identified, categorized, and classified, what must also be assigned to it?


A) Asset tag
B) Relative value
C) Location ID
D) Threat risk

E) A) and D)
F) A) and C)
