QUESTION 1 Assessing risks means to evaluate risk in terms of which two factors?
Question
QUESTION 1
Assessing risks means to evaluate risk in terms of which two factors?
The risk’s likelihood of occurring and the impact or consequences should the risk occur.
The risk’s possibility of disabling the organization and the number of IT domains the occurrence will affect.
The number of times the risk might occur and the dollar value of each occurrence.
The number of people the risk occurrence will affect and the number of people involved in mitigating the threat.
2.00000 points
QUESTION 2
Assigning wording or some quasi-subjective value, such as critical, major, or minor, would be considered a __________ way of assessing risk.
relative
comparative
qualitative
quantitative
2.00000 points
QUESTION 3
The purpose of an IT risk assessment is to assist organizations in the:
identification of risks and their risk impact or risk factor on each of the seven domains of a typical IT infrastructure.
deployment of IT resources and human resources to respond to threats that have impacted the seven domains of a typical IT infrastructure.
avoidance of liability for risks that have impacted the seven domains of a typical IT infrastructure.
prevention of all risk that could damage the future prospects of the organization and its employees.
2.00000 points
QUESTION 4
From an IT risk assessment, organizations can make business decisions pertaining to:
assigning responsibility and liability.
prioritization or risk remediation solutions.
the hierarchy of departments within the organization.
classification of employees by importance or value.
2.00000 points
QUESTION 5
Assigning numerical values or some objective, empirical value such as “Under 10% chance” or “Biweekly” would be considered a __________ way of assessing risk.
relative
comparative
qualitative
quantitative
2.00000 points
QUESTION 6
The risk assessment you performed in the lab required you to assign a score to each of the identified risks using:
labels from a given scale.
a series of quantitative scores.
the estimated dollar amount of the potential damage.
the estimated dollar amount of noncompliance.
2.00000 points
QUESTION 7
Using qualitative scores to assess risks:
takes the same amount of time and energy as any other method.
is not an effective method for risk assessment.
is comparatively tedious and time-consuming.
is comparatively easy and quick.
2.00000 points
QUESTION 8
Using words such as “critical” or “major” in a risk assessment introduces:
objectivity.
subjective opinion.
liability concerns.
more errors and mistakes.
2.00000 points
QUESTION 9
Using a __________ scoring method for assessing risk is more objective, but can take much more time.
relative
comparative
qualitative
quantitative
2.00000 points
QUESTION 10
Referring to your organization’s history or claims records by answering such questions as “How often has this happened to us, or others?” would be considered a __________ type of risk assessment scoring.
relative
comparative
qualitative
quantitative
2.00000 points
QUESTION 11
Researching the costs to recover from losses would be considered a __________ type of risk assessment scoring.
relative
comparative
qualitative
quantitative
2.00000 points
QUESTION 12
Which of the following statements is true regarding risk assessment?
It is possible to assess risks both quantitatively and qualitatively.
Risk should only be assessed by using relative or comparative methods.
An organization should resist using quantitative methods for assessing risk.
An organization should not use more than one method to assess risk.
2.00000 points
QUESTION 13
In the lab, which of the following was categorized with a risk impact/risk factor value of “1” or Critical?
A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT infrastructure
All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure
2.00000 points
QUESTION 14
In the lab, which of the following was categorized with a risk impact/risk factor value of “2” or Major?
A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT infrastructure
All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure
2.00000 points
QUESTION 15
In the lab, which of the following was categorized with a risk impact/risk factor value of “3” or Minor?
A risk, threat, or vulnerability that impacts compliance and places the organization in a position of increased liability
A risk, threat, or vulnerability that can impact user or employee productivity or availability of the IT infrastructure
A risk, threat, or vulnerability that impacts the confidentiality, integrity, and availability (C-I-A) of an organization’s intellectual property assets and IT infrastructure
All of the items in the table showing the risks, threats, and vulnerabilities that could be found in a health care IT infrastructure
2.00000 points
QUESTION 16
In the lab, you assigned a risk impact/risk factor value of 1, 2, or 3 based on the __________ of the risk, threat, or vulnerability.
cost
likelihood
domain
priority
2.00000 points
QUESTION 17
Which of the following statements is true regarding suggesting next steps to executive management?
Make sure your recommendations are strictly from the IT department’s point of view.
Be prepared to explain costs, both in implementing the controls and then in maintaining the controls.
Accountability should be explained in terms of individual liability rather than in terms of roles and responsibilities.
Executive management will only be concerned with actual dollar costs, not goodwill or reputation, market share, or lost opportunity.
2.00000 points
QUESTION 18
In the lab, you wrote a four-paragraph __________ that summarized your findings, described the approach and prioritization of critical, major, and minor risk assessment elements, included a risk assessment and risk impact summary of the seven domains of a typical IT infrastructure, and provided recommendations and next steps for executive management.
management overview
risk assessment outline
IT infrastructure recap
executive summary
2.00000 points
QUESTION 19
Which risk-mitigation would you use for the following risk factor?
User downloads and clicks on an unknown e-mail attachment
Implement backup and data recovery policies, standards, procedures, and guidelines.
Implement Web content filtering to enhance employee productivity.
Implement vulnerability management and software patching.
Implement e-mail filtering and quarantining.
2.00000 points
QUESTION 20
Which risk-mitigation would you use for the following risk factor?
Weak ingress/egress traffic-filtering degrades performance
Implement backup and data recovery policies, standards, procedures, and guidelines.
Implement Web content filtering to enhance employee productivity.
Implement vulnerability management and software patching.
Implement e-mail filtering and quarantining.
Explanation / Answer
Assessing risks means to evaluate risk in terms of the following two factors:
Basically, evaluating risk for assessment involves identifying its impacts and the targets that will be affected if the risk occurs.
---------------------------------------------------------------------------------------------
Qualitative
Assigning these words is the qualitative way.
----------------------------------------------------------------------------
identification of risks and their risk impact or risk factor on each of the seven domains of a typical IT infrastructure.
IT risk assessment is subject to the identification of risks that can hinder an organization's continuous operation.
-----------------------------------------------------------------------------------------
prioritization or risk remediation solutions.
IT risk assessment helps an organization make business decisions that can lead to remedies for mitigating the risks.
-----------------------------------------------------------------------------------------
Quantitative way of assessing risk.
Assigning numerical values or some objective, empirical value such as “Under 10% chance” or “Biweekly” would be actually quantifying the risk with some measurable quantities.
-------------------------------------------------------------------------------------------
a series of quantitative scores.
Risk assessment performed in the lab can rank the risks using the scores obtained in the lab reports and test.
------------------------------------------------------------------------
Too many questions are asked here; kindly submit new posts for the remaining questions. As per Chegg policy, it is mandatory to answer at least 4 questions in the same post.