Information Security and Risk Assessment MCQ With Answers – Part 2


Security, by its very nature, is inconvenient, and the more robust the security mechanisms, the more inconvenient the process becomes. Even now, despite the stories of compromised data, people still want to share their data with everyone. Many organizations spend a great deal of time and money addressing perimeter defenses and overlook some fundamental security mechanisms.


34. Which of the following is the best source for developing Recovery Time Objectives (RTO)?

  1. Industry averages
  2. Tape restore statistics
  3. Business impact analysis
  4. Previous recovery test results

35. In providing risk reporting to management, the most appropriate vehicle for the initial reporting of a major security incident would be to include it in a:

  1. Quarterly report
  2. Special report
  3. Monthly report
  4. Weekly report

36. Risk mitigation includes all of the following except:

  1. Risk assumption
  2. Risk planning
  3. Risk limitation
  4. Risk identification

37. To determine if a threat poses a risk, the risk management team must determine the impact and

  1. Vulnerability
  2. Probability
  3. Identification
  4. Reason

38. To accept the potential risk and continue operating or to implement controls to lower the risk to an acceptable level is termed:

  1. Risk assumption
  2. Risk avoidance
  3. Risk sharing
  4. Risk management

39. Two forms of risk assessment are:

  1. Analytical and assessment
  2. Technical and procedural
  3. Qualitative and quantitative
  4. Subjective and objective

40. The process used to demonstrate that the costs of implementing controls can be justified by the reduction of a risk level is:

  1. Probability and impact
  2. Vulnerability assessment
  3. Compliance checking
  4. Cost benefit

41. The process for determining the acceptable level of impact on an organization's applications, systems, and business processes is called:

  1. Risk analysis
  2. Risk assessment
  3. Business impact analysis
  4. Project impact analysis

42. Three basic threat categories include human, natural, and what additional category?

  1. Possible
  2. Probable
  3. Engineering
  4. Environmental

43. The potential for a particular event to successfully exercise a particular vulnerability is called:

  1. Threat
  2. Risk
  3. Impact
  4. Probability

44. Another term for project impact analysis is:

  1. Risk assessment
  2. Cost benefit
  3. Security management
  4. Risk analysis

45. Four deliverables from a risk assessment process are threats identified, controls selected, action plan complete, and

  1. Risk level established
  2. Technical issues quantified
  3. Vulnerability assessment completed
  4. Risk mitigation established

46. Risk management encompasses three processes: risk assessment, risk mitigation, and what other element?

  1. System development life cycle
  2. Risk analysis
  3. Evaluation and assessment
  4. Threat analysis

47. Risk management is the process that allows IT managers to balance the operational and what other element of protective measures?

  1. Cost
  2. Technology
  3. Mission
  4. Politics

48. Effective risk management must be totally integrated into what process?

  1. IPL
  2. SDLC
  3. Security perimeter
  4. Disposal

49. Senior management depends on an effective risk analysis process to make informed business decisions. This management responsibility is called:

  1. Due diligence
  2. Due proxy
  3. Due date
  4. DEW line

50. What is the first process in the risk management methodology?

  1. Records retention
  2. Likelihood
  3. Fault tolerance
  4. Risk analysis

51. The likelihood that a given threat-source will exercise a vulnerability is termed:

  1. Vulnerability
  2. Risk
  3. Control
  4. Probability

52. There are three basic forms of threat-sources. These are human threats, environmental threats, and what other kind of threat?

  1. Tangible
  2. Intangible
  3. Terror
  4. Natural

53. A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised and result in a security breach or violation of the system’s security policy is called:

  1. Vulnerability
  2. Typical
  3. Virus
  4. Logic bomb

54. Two major types of risk analysis are:

  1. Threat and controls
  2. Errors and omissions
  3. Quantitative and qualitative
  4. Vulnerability and management

55. A systematic methodology used by senior management to reduce mission risk is termed:

  1. Risk transfer
  2. Risk limitation
  3. Accepting the risk
  4. Risk mitigation

56. To convey a risk by using other options to compensate for loss, such as purchasing insurance, is referred to as:

  1. Risk transfer
  2. Risk assumption
  3. Risk planning
  4. Risk limitation

57. To check a risk by implementing controls that minimize the adverse impact of the threat’s exercising a vulnerability (such as use of supporting, preventive, detective controls) is referred to as:

  1. Risk transfer
  2. Risk assumption
  3. Risk planning
  4. Risk limitation

58. The types of controls focused on stopping a security breach from occurring in the first place are termed:

  1. Containment
  2. Preventive
  3. Detection
  4. Recovery

59. An audit log is an example of what type of control?

  1. Containment
  2. Preventive
  3. Detection
  4. Recovery

60. To allocate resources and implement cost-effective controls, organizations, after identifying all possible controls and evaluating their feasibility and effectiveness, should perform what form of additional analysis?

  1. Vulnerability analysis
  2. Cost-benefit analysis
  3. Qualitative
  4. Quantitative
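Questions 37, 39, 40, 54 and 60 above describe a calculation rather than a definition: combine likelihood and impact, score the risk either qualitatively or quantitatively, then justify each control by the risk it removes against what it costs. The following is an added worked example written for this page (it is not taken from the page's author, from NIST, or from any tool) showing those steps together in Python. It assumes the usual quantitative formulas SLE = asset value * exposure factor and ALE = SLE * ARO; the three-level qualitative scale, the sample risks, the candidate controls and the tolerance threshold are all constructed for illustration.

```python
"""Added example (not from the page): qualitative and quantitative risk scoring
plus a cost-benefit check over candidate controls.

Assumed formulas: SLE = asset value * exposure factor; ALE = SLE * ARO.
Scale, sample risks, controls and tolerance below are constructed values.
"""
from dataclasses import dataclass
from typing import List, Optional

# Qualitative scale: each rating maps to a weight (assumed 3-level scale).
LEVELS = {"low": 1, "medium": 2, "high": 3}


def qualitative_risk(likelihood: str, impact: str) -> str:
    """Combine likelihood and impact ratings into a risk level.

    Product of the two weights: 1-2 -> low, 3-4 -> medium, 6-9 -> high.
    """
    score = LEVELS[likelihood] * LEVELS[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


@dataclass(frozen=True)
class Risk:
    name: str
    asset_value: float      # value at stake, in currency units
    exposure_factor: float  # fraction of asset value lost per occurrence (0..1)
    aro: float              # annualized rate of occurrence (events per year)

    @property
    def sle(self) -> float:  # single loss expectancy: loss from one event
        return self.asset_value * self.exposure_factor

    @property
    def ale(self) -> float:  # annualized loss expectancy before any control
        return self.sle * self.aro


@dataclass(frozen=True)
class Control:
    name: str
    annual_cost: float         # yearly cost of owning and operating the control
    aro_reduction: float       # fraction by which it reduces ARO (0..1)
    ef_reduction: float = 0.0  # fraction by which it reduces exposure factor

    def residual_ale(self, risk: Risk) -> float:
        ef = risk.exposure_factor * (1.0 - self.ef_reduction)
        aro = risk.aro * (1.0 - self.aro_reduction)
        return risk.asset_value * ef * aro

    def net_benefit(self, risk: Risk) -> float:
        """Cost-benefit: yearly ALE reduction minus the control's yearly cost."""
        return (risk.ale - self.residual_ale(risk)) - self.annual_cost


def select_control(risk: Risk, candidates: List[Control]) -> Optional[Control]:
    """Return the control with the largest positive net benefit, or None."""
    best = max(candidates, key=lambda c: c.net_benefit(risk), default=None)
    if best is None or best.net_benefit(risk) <= 0:
        return None
    return best


def risk_response(risk: Risk, candidates: List[Control], tolerance: float) -> str:
    """Map the numbers onto the page's response vocabulary (simplified).

    assumption: ALE already within tolerance, so accept it and keep operating.
    limitation: some control pays for itself, so implement it to reduce the risk.
    transfer:   nothing is cost-effective and ALE exceeds tolerance, so convey
                the risk elsewhere (e.g. insurance). Avoidance is left out here.
    """
    if risk.ale <= tolerance:
        return "assumption"
    if select_control(risk, candidates) is not None:
        return "limitation"
    return "transfer"


# Constructed sample data (assumed figures, not measurements).
SQLI = Risk("SQL injection in order portal", 500_000, exposure_factor=0.4, aro=0.5)
SQLI_CONTROLS = [
    Control("Web application firewall", 30_000, aro_reduction=0.5),
    Control("Parameterized queries + code review", 40_000, aro_reduction=0.9),
    Control("Full application rewrite", 150_000, aro_reduction=0.99),
]
FLOOD = Risk("Office flood", 200_000, exposure_factor=0.1, aro=0.05)
QUAKE = Risk("Datacenter earthquake", 2_000_000, exposure_factor=0.8, aro=0.02)
QUAKE_CONTROLS = [Control("Seismic retrofit", 100_000, aro_reduction=0.0, ef_reduction=0.5)]
TOLERANCE = 25_000  # assumed: management accepts this much expected loss per year

if __name__ == "__main__":
    for risk, controls in ((SQLI, SQLI_CONTROLS), (FLOOD, []), (QUAKE, QUAKE_CONTROLS)):
        chosen = select_control(risk, controls)
        print(f"{risk.name}: SLE={risk.sle:,.0f} ALE={risk.ale:,.0f} "
              f"control={chosen.name if chosen else 'none'} "
              f"response={risk_response(risk, controls, TOLERANCE)}")
```

Running the file prints one line per sample risk. In the constructed data the rewrite removes the most risk but the parameterized-queries control has the largest net benefit, which is exactly the distinction the cost-benefit step in question 60 exists to make; the earthquake case shows a control that reduces risk but still should not be bought, leaving transfer as the response.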

61. Which of the following is not a responsibility of the data or systems owner?

  1. To identify, describe, and designate the sensitivity of their applications systems
  2. To ensure that appropriate security control requirements are included in specifications
  3. To assess security requirements by evaluating application assets, threats, and vulnerabilities
  4. To develop industry best practices

62. Which of the following attacks would compromise the integrity of system information?

  1. Denial-of-service
  2. Smurf
  3. SQL Injection
  4. Fraggle
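Question 62 turns on the difference between attacks that deny availability and an attack that changes data. As an added example written for this page (not code from its author; the schema, rows and payload are constructed), the following Python runs an injected UPDATE against an in-memory SQLite table so that an ordinary user silently grants herself the admin role, then shows the parameterized version of the same function, which stores the payload as a harmless string:

```python
"""Added example (not from the page): an SQL injection that alters stored data,
an integrity compromise, beside the parameterized form that prevents it.

Runs against an in-memory SQLite database with constructed sample rows.
"""
import sqlite3
from typing import Callable, Dict, Tuple

# Attacker-controlled "new name". The quote closes the string literal, the rest
# adds a second SET clause, and the comment swallows the original WHERE clause.
PAYLOAD = "alice', role = 'admin' WHERE id = 1 --"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT);"
        "INSERT INTO users (name, role) VALUES "
        "('alice', 'user'), ('bob', 'user'), ('root', 'admin');"
    )
    return conn


def update_name_vulnerable(conn: sqlite3.Connection, user_id: int, new_name: str) -> None:
    # Deliberately vulnerable: the untrusted value is spliced into the SQL text.
    conn.execute(f"UPDATE users SET name = '{new_name}' WHERE id = {user_id}")
    conn.commit()


def update_name_safe(conn: sqlite3.Connection, user_id: int, new_name: str) -> None:
    # Bound parameters are values only; the name can never change the SQL grammar.
    conn.execute("UPDATE users SET name = ? WHERE id = ?", (new_name, user_id))
    conn.commit()


def rows(conn: sqlite3.Connection) -> Dict[int, Tuple[str, str]]:
    return {r[0]: (r[1], r[2]) for r in conn.execute("SELECT id, name, role FROM users")}


def run(update: Callable[[sqlite3.Connection, int, str], None]) -> Dict[int, Tuple[str, str]]:
    """Let user 1 (alice) 'rename herself' to PAYLOAD and return the table."""
    conn = make_db()
    update(conn, 1, PAYLOAD)
    return rows(conn)


if __name__ == "__main__":
    print("vulnerable:", run(update_name_vulnerable)[1])  # ('alice', 'admin')
    print("safe:      ", run(update_name_safe)[1])        # (PAYLOAD, 'user')
```

The vulnerable path executes `UPDATE users SET name = 'alice', role = 'admin' WHERE id = 1 --' WHERE id = 1`, so the row's role changes and nothing looks amiss in the name column; that quiet, unauthorized modification is what makes injection an integrity attack rather than a denial of service. The audit log from question 59 would be the detective control that catches the role change after the fact, while parameterization is the preventive one.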

63. A policy for the physical component of the information technology infrastructure could work with all of the following except:

  1. Firewalls
  2. ID badges
  3. Cameras
  4. Security guards

64. Which of the following is not an example of the platform component of information technology infrastructure?

  1. Switch security
  2. Operating system security
  3. Application security
  4. Anti-virus

65. Which of the following is an example of the network component of information technology infrastructure?

  1. Switch security
  2. Operating system security
  3. Application security
  4. Anti-virus

66. When implementing a security control, an information security manager needs to be especially aware of:

  1. Change control management
  2. What the organization’s competition is doing
  3. A promotion to production procedure
  4. The impact on the end-user community
