FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 7: Risk Management: Controlling Risk

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 21

Essay

Review LaterAdd Note

Review Later

What are the four phases of the Microsoft risk management strategy?

Correct Answer

verified

1.Assessing risk
2.Conducting...

View Answer

Show Answer

Question 22

True/False

Review LaterAdd Note

Review Later

The risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards is the protect risk control strategy,also known as the avoidance strategy.____________

A) True
B) False

Correct Answer

verified

Show Answer

Question 23

Multiple Choice

Review LaterAdd Note

Strategies to limit losses before and during a realized adverse event is covered by which of the following plans in the mitigation control approach?

What does the result of a CBA determine?What is the formula for the CBA?

The NIST risk management approach includes all but which of the following elements?

Which of the following is not a step in the FAIR risk management framework?

What is the OCTAVE method approach to risk management?

Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?

The financial savings from using the defense risk control strategy to implementa control and eliminate the financial ramifications of an incident.

Which of the following is NOT an alternative to using CBA to justify risk controls?

The goal of InfoSec is not to bring residual risk to zero; rather,it is to bring residual risk in line with an organization's risk ___________.

A risk control strategy that attempts to reduce the impactof the loss caused by a realized incident,disaster,or attack through effective contingencyplanning and preparation.

The ____________________ risk control strategy attempts to shift the risk to other assets,processes,or organizations.

A risk control strategy that indicates the organization iswilling to accept the current level of risk and that the organization makes a conscious decisionto do nothing to protect an information asset from risk and to accept the outcome from anyresulting exploitation.

Application of training and education is a common method of which risk control strategy?

When a vulnerability (flaw or weakness)exists in an important asset,implement security controls to reduce the likelihood of a vulnerability being ___________.

In which technique does a group rate or rank a set of information,compile the results and repeat until everyone is satisfied with the result?

Describe the use of hybrid assessment to create a quantitative assessment of asset value.

The risk control strategy that indicates the organization is willing to accept the current level of risk.As a result,the organization makes a conscious decision to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation is known as the termination risk control strategy.

Which of the following affects the cost of a control?