
1. Which formula is typically used to describe the components of information security risks?

ID: 3857708 • Letter: 1

Question

1. Which formula is typically used to describe the components of information security risks?

A)

Risk = Likelihood X Vulnerability

B)

Risk = Threat X Vulnerability

C)

Risk = Threat X Likelihood

D)

Risk = Vulnerability X Cost

Question 2

Earl is preparing a risk register for his organization's risk management program. Which data element is LEAST likely to be included in a risk register?

A)

Description of the risk

B)

Expected impact

C)

Risk survey results

D)

Mitigation steps

Question 3

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?

A)

Recovery time objective (RTO)

B)

Recovery point objective (RPO)

C)

Business recovery requirements

D)

Technical recovery requirement

Question 4

Which one of the following is an example of a direct cost that might result from a business disruption?

A)

Damaged reputation

B)

Lost market share

C)

Lost customers

D)

Facility repair

Question 5

Tom is the IT manager for an organization that experienced a server failure that affected a single business function. What type of plan should guide the organization's recovery effort?

A)

Disaster recovery plan (DRP)

B)

Business impact analysis (BIA)

C)

Business continuity plan (BCP)

D)

Service level agreement (SLA)

Question 6

Dawn is selecting an alternative processing facility for her organization's primary data center. She would like to have a facility that balances cost and switchover time. What would be the best option in this situation?

A)

Hot site

B)

Warm site

C)

Cold site

D)

Primary site

Question 7

Holly would like to run an annual major disaster recovery test that is as thorough and realistic as possible. She also wants to ensure that there is no disruption of activity at the primary site. What option is best in this scenario?

A)

Checklist test

B)

Full interruption test

C)

Parallel test

D)

Simulation test

Question 8

George is the risk manager for a U.S. federal government agency. He is conducting a risk assessment for that agency's IT risk. What methodology is best suited for George's use?

A)

Risk Management Guide for Information Technology Systems (NIST SP800-30)

B)

CCTA Risk Analysis and Management Method (CRAMM)

C)

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

D)

ISO/IEC 27005, “Information Security Risk Management”

Question 9

A hospital is planning to introduce a new point-of-sale system in the cafeteria that will handle credit card transactions. Which one of the following governs the privacy of information handled by those point-of-sale terminals?

A)

Health Insurance Portability and Accountability Act (HIPAA)

B)

Payment Card Industry Data Security Standard (PCI DSS)

C)

Federal Information Security Management Act (FISMA)

D)

Federal Financial Institutions Examination Council (FFIEC)

Question 10

What is NOT one of the three tenets of information security?

A)

Confidentiality

B)

Integrity

C)

Safety

D)

Availability

Question 11

Which one of the following is an example of a logical access control?

A)

Key for a lock

B)

Password

C)

Access card

D)

Fence

Question 12

During which phase of the access control process does the system answer the question, "What can the requestor access?"

A)

Identification

B)

Authentication

C)

Authorization

D)

Accountability

Question 13

Ed wants to make sure that his system is designed in a manner that allows tracing actions to an individual. Which phase of access control is Ed concerned about?

A)

Identification

B)

Authentication

C)

Authorization

D)

Accountability


Explanation / Answer

Solution 1:

Risk can be represented by threat and vulnerability.

Thus, the correct option is B) Risk = Threat X Vulnerability.

Solution 2:

For risk management, the definition of a risk, its impact, and its mitigation steps are the most important things, so these factors will be included in a risk register.

Thus, the correct option is C) Risk survey results.

Solution 3:

The recovery time objective is the time within which a business or any functional unit recovers after a disaster. The RPO does not describe the recovery period; it states for how long data may remain lost before recovery. The other options describe requirements.

Thus, the correct option is A) Recovery time objective (RTO).

Solution 4:

Direct losses are monetized. Of all the options, lost market share is the monetary loss.

Thus, the correct option is D) Facility repair.

Solution 5:

To develop strategies, a company always evaluates the consequences of any interruption to critical business operations. This evaluation is known as a business impact analysis.

Thus, the correct option is B) Business impact analysis (BIA).

Solution 6:

A hot site is an exact copy of the primary site that can be switched to within a few hours after a disaster, at minimal cost.

Thus, the correct option is A) Hot site.

Solution 7:

In a full interruption test, the complete business is stopped for a period of time. In a simulation test, some activities are stopped. Parallel testing and business activities can be carried out simultaneously.

Thus, the correct option is C) Parallel test.

Solution 8:

NIST SP 800-30 was developed for the risk assessment of federal information systems.

Thus, the correct answer is A) Risk Management Guide for Information Technology Systems (NIST SP 800-30).

Solution 9:

The Payment Card Industry Data Security Standard is the organization that controls cardholder data to reduce fraud.

Thus, the correct option is B) Payment Card Industry Data Security Standard (PCI DSS).

Solution 10:

The three tenets of information security are confidentiality, integrity, and availability.

Thus, the correct option is C) Safety.

Solution 11:

Logical access control is a system that allows authorized users to access a specific system. A password is an example of a logical access control.

Thus, the correct option is B) Password.

Solution 12:

Authorization determines what authority a person has, that is, which controls he or she can access.

Thus, the correct option is C) Authorization.

Solution 13:

Accountability means responsibility: it identifies who is responsible for the actions performed.

Thus, the correct option is D) Accountability.
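The RTO/RPO distinction in Solution 3 is easier to see on a concrete outage. The following script is an added example and is not part of the question or the answer above: it takes a constructed backup job log (hypothetical timestamps), the time a function failed and the time it was restored, and reports downtime against the RTO and the data-loss window against the RPO. The function name `evaluate_recovery` and the 4-hour RTO / 1-hour RPO figures are assumptions made for the example.

```python
from datetime import datetime

# Constructed backup job log for one business function: (completion time, status).
# Hypothetical data for this example; not from the page.
BACKUP_LOG = [
    ("2024-03-01T00:00:00", "ok"),
    ("2024-03-01T01:00:00", "ok"),
    ("2024-03-01T02:00:00", "ok"),
    ("2024-03-01T03:00:00", "ok"),
    ("2024-03-01T04:00:00", "failed"),  # last scheduled run before the outage did not complete
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def evaluate_recovery(backup_log, failure_at, restored_at, rto_hours, rpo_hours):
    """Compare an actual outage against the RTO and RPO set for the function.

    RTO (recovery time objective) bounds downtime: restored_at - failure_at.
    RPO (recovery point objective) bounds data loss: failure_at - last *successful* backup.
    Results are returned in hours so they can be compared directly with the objectives.
    """
    failure = _parse(failure_at)
    restored = _parse(restored_at)
    if restored < failure:
        raise ValueError("restoration cannot precede the failure")

    # Only backups that completed successfully before the failure count as recovery points.
    good_backups = [_parse(ts) for ts, status in backup_log
                    if status == "ok" and _parse(ts) <= failure]

    downtime_hours = (restored - failure).total_seconds() / 3600
    # With no usable backup there is no recovery point at all; report that explicitly.
    data_loss_hours = ((failure - max(good_backups)).total_seconds() / 3600
                       if good_backups else None)

    return {
        "downtime_hours": downtime_hours,
        "data_loss_hours": data_loss_hours,
        "rto_met": downtime_hours <= rto_hours,
        "rpo_met": data_loss_hours is not None and data_loss_hours <= rpo_hours,
    }


if __name__ == "__main__":
    # Failure at 04:30, service restored at 07:00; objectives assumed: RTO 4 h, RPO 1 h.
    print(evaluate_recovery(BACKUP_LOG, "2024-03-01T04:30:00", "2024-03-01T07:00:00",
                            rto_hours=4, rpo_hours=1))
```

The scenario is chosen so that the two objectives come apart: the function is back within 2.5 hours, inside the RTO, but because the 04:00 backup failed the last recovery point is 03:00, so 1.5 hours of data are lost against a 1-hour RPO. An hourly schedule alone does not satisfy an RPO; only verified successful backups do, which is why backup job failures belong in monitoring rather than only in a log.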
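Questions 11 through 13 cover the four phases of logical access control: identification, authentication, authorization, and accountability. The script below is an added example, not code from the question or the answer, that walks one request through all four phases: the requestor claims an identity, proves it against a salted PBKDF2 verifier, is checked against an access control list for the resource, and every decision is written to an audit log so the action can be traced back to the individual. The accounts, resources, ACL entries, and the function name `request_access` are constructed for the example.

```python
import hashlib
import hmac
import os
from datetime import datetime, timezone

PBKDF2_ITERATIONS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 verifier; the store never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def _enroll(password: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _derive(password, salt)}


# Constructed user store (hypothetical accounts and passwords, not from the page).
USERS = {
    "alice": _enroll("correct horse battery staple"),
    "bob": _enroll("hunter2"),
}

# Constructed access control list: resource -> identities permitted to use it.
ACL = {
    "payroll": {"alice"},
    "wiki": {"alice", "bob"},
}

# Accountability: every decision is recorded here with the identity it was made for.
AUDIT_LOG: list = []

# Used for a dummy derivation on unknown usernames so response time does not reveal
# whether an account exists.
_DUMMY_SALT = b"\x00" * 16


def _audit(identity: str, resource: str, phase: str, granted: bool) -> None:
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "identity": identity,
        "resource": resource,
        "phase": phase,
        "granted": granted,
    })


def request_access(claimed_identity: str, password: str, resource: str) -> dict:
    # 1. Identification: the requestor claims an identity.
    record = USERS.get(claimed_identity)

    # 2. Authentication: the claim is verified against the stored verifier.
    if record is None:
        _derive(password, _DUMMY_SALT)  # same cost as a real check; result discarded
        authenticated = False
    else:
        authenticated = hmac.compare_digest(_derive(password, record["salt"]),
                                            record["verifier"])
    if not authenticated:
        _audit(claimed_identity, resource, "authentication", False)
        return {"granted": False, "phase": "authentication"}

    # 3. Authorization: what can this (now verified) identity access?
    if claimed_identity not in ACL.get(resource, set()):
        _audit(claimed_identity, resource, "authorization", False)
        return {"granted": False, "phase": "authorization"}

    # 4. Accountability: the granted action is traceable to the individual.
    _audit(claimed_identity, resource, "authorization", True)
    return {"granted": True, "phase": "authorization"}


if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "payroll"))
    print(request_access("bob", "hunter2", "payroll"))
    print(request_access("mallory", "hunter2", "wiki"))
    for entry in AUDIT_LOG:
        print(entry)
```

Two details matter in practice. The comparison uses `hmac.compare_digest` and runs the key derivation even for unknown usernames, so neither the password check nor the identification step leaks information through timing. And the audit record is written for denials as well as grants; accountability is only useful if failed attempts are traceable to the claimed identity too.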