Which of the following threats would be classified as the actions of a hacktivist?
a. external threat
b. internal threat
c. environmental threat
d. compliance threat
a. external threat
Which of these is NOT a response to risk?
a. mitigate
b. accept
c. resist
d. avoid
c. resist
Which of the following is NOT a threat classification category?
a. compliance
b. financial
c. tactical
d. strategic
c. tactical
In which of the following threat classifications would a power blackout be classified?
a. operational
b. managerial
c. technical
d. strategic
a. operational
Which of the following approaches to risk calculation typically assigns a numeric value (1–10) or label (High, Medium, or Low) to represent a risk?
a. quantitative
b. qualitative
c. rule based
d. policy based
b. qualitative
What is a list of potential threats and associated risks called?
a. risk assessment
b. risk matrix
c. risk register
d. risk portfolio
c. risk register
Giovanni is completing a report on risks. To which risk option would he classify the action that the organization has decided not to construct a new data center because it would be located in an earthquake zone?
a. transfer
b. avoid
c. reject
d. prevent
b. avoid
Aristide is explaining to a coworker the new cybersecurity asset management (CAM) system. Which of the following would he NOT say about a CAM?
a. It is a relatively new process that combines asset management with information security.
b. It can identify assets on a continuous and real-time basis.
c. It can use vulnerability scanners.
d. It is designed to replace asset management.
d. It is designed to replace asset management.
Emiliano needs to determine the expected monetary loss every time a risk occurs. Which formula will he use?
a. AV
b. SLE
c. ARO
d. ALE
b. SLE
Enzo is reviewing asset tracking for a certification exam. Which of the following is NOT true about asset tracking?
a. Asset tracking can be used to determine when assets should be upgraded, replaced, or disposed of.
b. Asset tracking can help determine what assets add value.
c. Asset tracking is part of an asset management system.
d. Asset tracking traces the location of intangible assets.
d. Asset tracking traces the location of intangible assets.
Which of the following is a listing of assets by a seller of those assets?
a. asset enumeration
b. asset inventory
c. asset counting
d. asset verification
a. asset enumeration
Which of the following is NOT a legally enforceable agreement but is still more formal than an unwritten agreement?
a. BPA
b. SLA
c. MOU
d. AMS
c. MOU
Angelo has received a document that is part of a contract that describes the work requirements for a specific project. What type of document is this?
a. EOA
b. BPP
c. SOW
d. EOS
c. SOW
Which of the following uses scientific tools to determine the amount of variation that is added to a process?
a. XRS
b. MSA
c. RAR
d. PDP
b. MSA
Which of the following risk management strategies utilizes cybersecurity insurance?
a. accept
b. transfer
c. mitigate
d. change
b. transfer
Which of the following is NOT a third-party risk?
a. on-boarding
b. social media network sharing
c. risk awareness
d. network assignment
d. network assignment
Sergio has been asked to provide historical data for calculating the likelihood of a risk. Which of the following data sets would he NOT submit?
a. network packet analysis
b. law enforcement data
c. insurance company data
d. data from computer incident monitoring organizations
a. network packet analysis
Which of the following is used to minimize biases and prejudices regarding analyzing risks?
a. RCSA
b. RCA
c. SCRA
d. DOS
a. RCSA
Which of the following is NOT a standard operating procedure that can impact information security?
a. change in ownership or stakeholders
b. implement impact analysis or test results
c. execute backout plan or maintenance window
d. change allow lists/deny lists
d. change allow lists/deny lists
Gabe is creating a report for his supervisor Cora that outlines the total risk that the organization can bear in a given risk profile. Which of the following terms would Gabe be using?
a. risk tolerance
b. risk appetite
c. risk expansion
d. risk acceptance
c. risk expansion