


Question

2. A risk manager has performed a risk analysis on a server that is worth $120,000. The risk manager has determined that the Single Loss Expectancy is $100,000. The Exposure Factor is:

a. 83%

b. 1.2

c. 80%

d. 120%

3. A risk manager has performed a risk analysis on a server that is worth $120,000. The Single Loss Expectancy (SLE) is $100,000, and the Annual Loss Expectancy (ALE) is $8,000. The Annual Rate of Occurrence (ARO) is:

a. 12.5

b. 92%

c. 8

d. 8%

4. A risk manager needs to implement countermeasures on a critical server. What factors should be considered when analyzing different solutions?

a. Original annualized loss expectancy (ALE)

b. Annualized Loss Expectancy (ALE) that results from the implementation of the countermeasure

c. Original Exposure Factor (EF)

d. Original Single Loss Expectancy (SLE)


5. The general approaches to risk treatment are:

a. Risk acceptance, risk avoidance, and risk reduction

b. Risk acceptance, risk reduction, and risk transfer

c. Risk acceptance, risk avoidance, risk reduction, and risk transfer

d. Risk analysis, risk acceptance, risk reduction, and risk transfer

6. CIA refers to:

a. Confidence, Integrity, and Audit of information and systems

b. Confidentiality, Integrity, and Assessment of information and systems

c. Confidentiality, Integrity, and Availability of information and systems

d. Cryptography, Integrity, and Audit of information and systems

7. A recent failure in a firewall resulted in all incoming packets being blocked. This type of failure is known as:

a. Fail open

b. Access failure

c. Circuit closed

d. Fail closed

8. The definition of PII:

a. Is name, date of birth, and home address

b. Is name, date of birth, home address, and home telephone number

c. Is name, date of birth, and social insurance number

d. Varies by jurisdiction and regulation

9. The statement, “All financial transactions are to be encrypted using 3DES” is an example of a:

a. Procedure

b. Guideline

c. Standard

d. Policy

10. The purpose of information classification is:

a. To establish procedures for safely disposing of information

b. To establish procedures for the protection of information

c. To establish procedures for information labeling

d. To establish sensitivity levels for information

11. An organization is concerned that its employees will reveal its secrets to other parties. The organization should implement:

a. Document marking

b. Non-disclosure agreements


c. Logon banners

d. Security awareness training

12. The purpose of a background verification is to:

a. Obtain independent verification of claims on an employment application

b. Determine if the applicant should be hired

c. Determine if the applicant is suitable for the job description

d. Determine the applicant’s honesty

13. When an employee is terminated from employment, the employee’s access to computers should be terminated:

a. At the next monthly audit

b. At the next quarterly audit

c. Within seven days

d. Within one day

14. Security awareness training should be:

a. Mandatory for information workers only

b. Optional

c. Provided at the time of hire and annually thereafter

d. Provided at the time of hire

15. Management in an organization regularly reassigns employees to different functions. This practice is known as:

a. Job rotation

b. Reassignment

c. Separation of duties

d. Due diligence

Explanation / Answer

2) a

3) b

4) a

5) d

6) c

7) a

8) d

9) c

10) b

11) c

12) a

13) a

14) d

15) b