Information Security and Risk Assessment MCQ With Answers

Risk Assessment Information Security MCQ Tech Hyme

Security, by its very nature, is inconvenient, and the more robust the security mechanisms, the more inconvenient the process becomes. Even now, despite the stories of compromised data, people still want to share their data with everyone. Many organizations spend a great deal of time and money addressing perimeter defenses and overlook some fundamental security mechanisms.

You may also read:

34. Which of the following is the best source for developing Recovery Time Objectives (RTO)?

Industry averages
Tape restore statistics
Business impact analysis
Previous recovery test results

35. In providing risk reporting to management, the most appropriate vehicle for the initial reporting of a major security incident would be to include it in a:

Quarterly report
Special report
Monthly report
Weekly report

36. Risk mitigation includes all of the following except:

Risk assumption
Risk planning
Risk limitation
Risk identification

37. To determine if a threat poses a risk, the risk management team must determine the impact and

Vulnerability
Probability
Identification
Reason

38. To accept the potential risk and continue operating or to implement controls to lower the risk to an acceptable level is termed:

Risk assumption
Risk avoidance
Risk sharing
Risk management

39. Two forms of risk assessment are:

Analytical and assessment
Technical and procedural
Qualitative and quantitative
Subjective and objective

40. The process used to demonstrate that the costs of implementing controls can be justified by the reduction of a risk level is:

Probability and impact
Vulnerability assessment
Compliance checking
Cost benefit

41. The process for determining the acceptable level of impact on organization applications, systems, and business processes is called:

Risk analysis
Risk assessment
Business impact analysis
Project impact analysis

42. Three basic threat categories include human, natural, and what additional category?

Possible
Probable
Engineering
Environmental

43. The potential for a particular event to successfully exercise a particular vulnerability is called:

Threat
Risk
Impact
Probability

44. Another term for project impact analysis is:

Risk assessment
Cost benefit
Security management
Risk analysis

45. Four deliverables from a risk assessment process are threats identified, controls selected, action plan complete, and

Risk level established
Technical issued quantified
Vulnerability assessment completed
Risk mitigation established

46. Risk management encompasses three processes: risk assessment, risk mitigation, and what other element?

System development life cycle
Risk analysis
Evaluation and assessment
Threat analysis

47. Risk management is the process that allows IT managers to balance the operational and what other element of protective measures?

Cost
Technology
Mission
Politics

48. Effective risk management must be totally integrated into what process?

IPL
SDLC
Security perimeter
Disposal

49. Senior management depends on an effective risk analysis process to make informed business decisions. This management responsibility is called:

Due diligence
Due proxy
Due date
DEW line

50. What is the first process in the risk management methodology?

Records retention
Likelihood
Fault tolerance
Risk analysis

51. The results of the likelihood that a given threat-source were to be used is termed:

Vulnerability
Risk
Control
Probability

52. There are three basic forms of threat-sources. These are human threats, environmental threats, and what other kind of threat?

Tangible
Intangible
Terror
Natural

53. A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised and result in a security breach or violation of the system’s security policy is called:

Vulnerability
Typical
Virus
Logic bomb

54. Two major types of risk analysis are:

Threat and controls
Errors and omissions
Quantitative and qualitative
Vulnerability and management

55. A systematic methodology used by senior management to reduce mission risk is termed:

Risk transfer
Risk limitation
Accepting the risk
Risk mitigation

56. To convey a risk by using other options to compensate for loss, such as purchasing insurance, is referred to as:

Risk transfer
Risk assumption
Risk planning
Risk limitation

57. To check a risk by implementing controls that minimize the adverse impact of the threat’s exercising a vulnerability (such as use of supporting, preventive, detective controls) is referred to as:

Risk transfer
Risk assumption
Risk planning
Risk limitation

58. The types of controls focused on stopping a security breach from occurring in the first place are termed:

Containment
Preventive
Detection
Recovery

59. An audit log is an example of what type of control?

Containment
Preventive
Detection
Recovery

60. To allocate resources and implement cost-effective controls, organizations, after identifying all possible controls and evaluating their feasibility and effectiveness, should perform what form of additional analysis?

Vulnerability analysis
Cost-benefit analysis
Qualitative
Quantitative

61. Which of the following is not a responsibility of the data or systems owner?

To identify, describe, and designate the sensitivity of their applications systems
To ensure that appropriate security control requirements are included in specifications
To assess security requirements by evaluating application assets, threats, and vulnerabilities
To develop industry best practices

62. Which of the following attacks would compromise the integrity of system information?