Question
1. Which term below defines the identification and assessment of levels of risk within an organization? A) Risk assessment B) Risk management C) Risk analysis D) Risk identification
2. A(n) ___________ is often a self-employed or agent contractor, hired to perform a specific task or work on a specific project.
3. The ___________ uses categories instead of specific values to determine risk.
4. A ___________ lists activities on a vertical axis, with the horizontal axis representing a time line.
5. The ___________ can be calculated using the values from an ARO multiplied by the values from an SLE.
6. In security management, which term describes a comprehensive assessment of both technical and nontechnical protection strategies for a particular system? A) Accreditation B) Certification C) Authorization D) Verification
7. In the likelihood and consequences rating from the Australian and New Zealand Risk Management Standard 4360, a risk level of 5 indicates what level of consequences? A) Major B) Moderate C) Catastrophic D) Insignificant
8. The ___________ of a threat is the overall rating, or numerical value, of the probability that a specific vulnerability will be exploited.
9. True or False: It is the CISO's responsibility to ensure that InfoSec functions are performed within an organization. A) True B) False
10. After plaintext messages have been encrypted, the encrypted text is known as ___________.
11. An organization is considered to be medium-sized when it has approximately how many devices? A) Less than 100 B) More than 1000 C) More than 2000 D) More than 100, less than 1000
12. True or False: The Critical Path Method is fundamentally different from the PERT diagram. A) True B) False
13. The ________ is used to declare the intended areas of operation for a business.
14. True or False: Asset valuation is the process of assigning financial value or worth to each information asset. A) True B) False
15. The __________ is a set of recommended or best practices for organizations using payment cards.
16. Wireshark is an example of what type of utility? A) Packet sniffer B) Port scanner C) Vulnerability scanner D) Content filter
17. Which two steps within the Risk Management Framework replaced the C&A approach? A) Steps 2 (select) & 3 (implement) B) Steps 3 (implement) & 4 (assess) C) Steps 1 (categorize) & 2 (select) D) Steps 4 (assess) & 5 (authorize)
18. The ____________ consists of a list of major tasks and attributes, as well as smaller tasks or specific action steps under each major task.
19. Which of the following is described as processes that ensure all actions on a system can be attributed to an authenticated identity? A) Accountability B) Identification C) Authorization D) Authentication
20. The _____________ is the responsibility of the CISO, and is designed to reduce incidence of accidental security breaches by organization members.
21. __________ use a challenge response mechanism in which a server challenges a user with a number, which a user must then enter into a device to calculate the response number.
22. True or False: The CISSP certification is intended for security professionals who may not have much experience in InfoSec. A) True B) False
23. What is the formula for calculating risk? A) (value * uncertainty) + likelihood - risk mitigated = risk B) (value * risk mitigated) + likelihood - uncertainty = risk C) (value * likelihood) - risk mitigated + uncertainty = risk D) (likelihood * uncertainty) + risk mitigated - value = risk
24. What is the range for well-known ports in the TCP/IP protocol suite? A) 1024 through 65,535 B) 0 through 1023 C) 49,152 through 65,535 D) 1024 through 49,151
25. Operational feasibility, which refers to user acceptance and support, as well as management acceptance and support, is also known as __________.
Explanation / Answer
Answer 1) B) Risk management
Answer 2) project manager
Answer 3) A) Risk assessment
Answer 4) C) Risk analysis
Answer 5) A) Risk assessment
Answer 6) C) Authorization
Answer 7) A) Major
Answer 8) B) Moderate
Answer 9) A) True
Answer 10) information
Answer 11) D) More than 100, less than 1000
Answer 12) A) True
Answer 13) B) Certification
Answer 14) A) True
Answer 15)
Answer 16) B) Port scanner
Answer 17) C) Steps 1 (categorize) & 2 (select)
Answer 18) authorization
Answer 19) D) Authentication
Answer 20) C) Authorization
Answer 21) B) Identification
Answer 22) B) False
Answer 23) (value * uncertainty) + likelihood - risk mitigated = risk
Answer 24) B) 0 through 1023
Answer 25) D) Authentication