
1-RAs are simpler to complete than risk management plans, because risk managemen


Question

1-

RAs are simpler to complete than risk management plans, because risk management plans are continuous processes while RAs are simple point-in-time documents that can easily be completed in a single sitting.

True

False

2-

The first section of a qualitative RA attempts to prioritize risk. The second section of a qualitative RA evaluates the effectiveness of controls.

True

False

3-

You run a bank and wish to update your physical security at each branch of your bank and to update the technological security of the bank’s private financial data. What is the best way to determine whether physical security or technological security has a higher priority of protection?

CBAs

POAMs

CVEs

RAs

Explanation / Answer

1. Risk assessment is a careful examination of the process that a system is undergoing to identify any kinds of risks and threats that might affect the system. Risk assessment is not a one-point activity but must be conducted at regular intervals to keep a sanity check on the system. Hence the statement is False.

2. A qualitative risk analysis can be divided into 2 parts:

Hence the given statement is True.

3. Risk assessment helps in identifying risks and prioritizing them. Hence the best way to determine whether physical security or technological security has a higher priority of protection is to conduct a risk assessment.

Hence the answer is option (d) RAs.