Ch. 2 Flashcards
(10 cards)
Your company is establishing new employment candidate screening processes. Which of the following should be included?
A. Check all references
B. Verify all education
C. Review military records and experience
D. Perform a background check
A. Check all references
B. Verify all education
D. Perform background check
How is single loss expectancy (SLE) calculated?
A. Threat + vulnerability
B. Asset value ($) * exposure factor
C. Annualized rate of occurrence * vulnerability
D. Annualized rate of occurrence * asset value * exposure factor
B. Asset value ($) * exposure factor
When a safeguard or a countermeasure is not present or is not sufficient, what remains?
A. Vulnerability
B. Exposure
C. Risk
D. Penetration
A. Vulnerability
What is another term for technical controls?
A. Logical controls
B. Access controls
C. Detective controls
D. Preventative controls
A. Logical controls
What is the purpose of quantitative risk analysis?
A. To generate an action plan in response to each identified risk
B. To generate a prioritized list of risks that might adversely affect the project
C. To determine the overall impact that specific risks pose to successful project completion
D. To analyze the already prioritized risks in such a way as to give each a numerable rating
D. To analyze the already prioritized risks in such a way as to give each a numerable rating
During business continuity planning, you need to obtain the single loss expectancy (SLE) of the company’s file server. Which formula should you use to determine that?
A. Asset value x exposure factor (EF)
B. Asset value x annualized rate of occurrence (ARO)
C. Exposure factor (EF) x annualized rate of occurrence (ARO)
D. Annualized loss expectancy (ALE) x annualized rate of occurrence (ARO)
A. Asset Value x exposure factor (EF)
You are attempting to predict the likelihood a threat will occur, and assigning monetary values in the event a loss occurs. Which technique are you using?
A. Delphi technique
B. Vulnerability assessment
C. Quantitative Risk Analysis
D. Qualitative Risk Analysis
C. Quantitative Risk Analysis
When configuring a new network, you decide to use routers and encryption to improve security. Of which type of technical control is this an example?
A. Recovery
B. Detective
C. Deterrent
D. Directive
E. Corrective
F. Preventative
F. Preventative
Management is concerned that you cannot implement some access controls because they are too expensive to implement. You have been asked to provide less expensive alternatives to the expensive access controls. Which type of access control will you be providing?
A. Detective
B. Deterrent
C. Recovery
D. Corrective
E. Directive
F. Preventative
G. Compensative
G. Compensative
Which of the following is not an element of the risk analysis process?
A. Analyzing an environment for risks
B. Creating a cost/benefit report for safeguards to present to upper management
C. Selecting appropriate safeguards and implementing them
D. Evaluating each threat event as to its likelihood of occurring and cost of the resulting damage
C. Selecting appropriate safeguards and implementing them