FedVTE Cyber Risk Management for Managers Questions and Answers Graded A+

Of the risk mitigation steps, in which step does management determine the most cost-effective control(s) for reducing risk to the organization's mission? ✔✔Step 4: Select Controls

Which site is ... fully equipped, requiring only a short setup time due to restoring data backups and configurations? ✔✔Hot

Data classification directly impacts which of the following? ✔✔All of the above

A self-replicating program that requires user intervention to spread, and is typically comprised of a replication element and a payload is a(n)? ✔✔Virus

In managing risks, eliminating the asset's exposure to risk, or eliminating the asset altogether, describes which one of the following? ✔✔Avoid

Which type of analysis is often expressed as: annual loss expectancy = (asset value x exposure factor) x annual rate of occurrence? ✔✔Quantitative Analysis

Covert security testing (white hat testing) involves testing without the knowledge of the organization's IT staff. ✔✔False

People, information, and technology are examples of? ✔✔Assets

Providing a basis for trust between organizations that depend on the information processed, stored, or transmitted by those systems is an Assurance "Expectation." ✔✔False

Judgmental Valuation is considering variables such as technical complexity, control procedures in place, and financial loss. ✔✔False

Low humidity within a server room could result in a static electricity build-up/discharge. ✔✔True

Network architecture and configurations are part of which category of vulnerabilities? ✔✔Design Vulnerabilities

Which of the following does an effective monitoring program NOT include? ✔✔Security impact analyses on proposed or actual changes to the information system and its environment of operation

Which of the following technical controls place servers that are accessible to the public in a special network? ✔✔De-Militarized Zone

A locking mechanism which is controlled by a mechanical key pad is known as? ✔✔Cipher lock

The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? ✔✔False

Which of the following families of controls belongs to the technical class of controls? ✔✔Identification and Authentication

NAT is a network address translation which makes a bridge between a local network and the Internet and maps network ports. ✔✔False

Which one of the following is a challenge of determining impact and risk? ✔✔All of the above

Which of the following is the ability to hide messages in existing data? ✔✔Steganography

A vulnerability is described as "A flaw or weakness in system security procedures, design, implementation, or internal controls that, if exercised (accidentally triggered or intentionally exploited), would result in a security breach or a violation of the system's security policy." ✔✔True

Attack scripts target web browsers such as IE, through XSS, and are typically written in JavaScript. ✔✔True

Which risk comes from a failure of the controls to properly mitigate risk? ✔✔Control

Which of the following malware will allow an attacker to dynamically install additional malware? ✔✔Downloader

The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. Which likelihood rating does this describe? ✔✔Medium

The minimum assurance requirement which assessors conducting security assessments should evaluate to is provided in NIST SP 800-53. ✔✔True

Simulating attack from a malicious source could be part of penetration testing. ✔✔True

NIST SP 800-30 defines risk as "a function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization." ✔✔True

Judgmental Valuation is a decision made based upon business knowledge, executive management directives, historical perspectives, business goals, and environmental factors. ✔✔True

A DoS attack which generates more traffic than a network segment or route can handle is attacking which point within a network? ✔✔Bandwidth

Software as a Service is one class of Cloud Computing. ✔✔True

Which tier of Risk Management is associated with Enterprise Architecture? ✔✔Tier 2, Mission, Business Process

A business operation review is conducted to: ✔✔All of the above

Which of the following firewall implementations is a combination of a packet filter with bastion host? ✔✔Screened-host

Which NIST special publication is a guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach? ✔✔NIST SP 800-37

Which one of the following plans provides procedures for relocating information systems operations to an alternate location? ✔✔Disaster Recovery Plan, DRP

Which of the following is an algorithm or hash that uniquely identifies a specific virus, worm or variant of malicious code? ✔✔Steganography

Which step of a risk assessment uses the history of system attacks? ✔✔Step 2: Threat Identification

Controls are an action or process for mitigating a vulnerability or otherwise limiting the impact from a realized vulnerability. ✔✔True

CERT-RMM is a capability model for managing and improving operational resilience. ✔✔True

Which of the following is the set of security controls for an information system that is primarily implemented and executed by people? ✔✔Operational Controls

Terrorism, sabotage, war, theft, fraud, arson, and labour disputes are part of which category of threats? ✔✔Deliberate destruction

When considering costs, the "Total Cost of Ownership," TCO, must be considered for the full life cycle of the control/countermeasure. ✔✔True

Which of the following is information not approved for general circulation outside th

About the document

Uploaded on: Aug 03, 2024
Number of pages: 7
Seller: dayvonl
