Managing Risk Flashcards

1
Q

When is risk avoidance a logical choice?

  • When cyber insurance is available
  • When cyber insurance is unavailable
  • When the level of risk is acceptable
  • When the level of risk is unacceptable
A

When the level of risk is unacceptable

2
Q

What is the relationship between risk acceptance and security controls?

  • Security controls must be continuously monitored
  • Security controls are not a part of risk acceptance
  • Security controls must have changed default values
  • Security controls must cost less than the asset being protected
A

Security controls are not a part of risk acceptance

3
Q

What is the first step when conducting a risk assessment?

  • Identify threats
  • Determine threat likelihood
  • Inventory assets
  • Assign a value to assets
A

Inventory assets

4
Q

Which type of risk treatment applies security controls to reduce threat impact?

  • Risk acceptance
  • Risk reduction
  • Risk transfer
  • Risk avoidance
A

Risk reduction

5
Q

What is the purpose of calculating the Annual Loss Expectancy (ALE)?

  • To determine the percentage of asset loss
  • To determine the maximum cost that should be spent on mitigating security controls
  • To determine threat likelihood
  • To determine compliance with applicable regulations
A

To determine the maximum cost that should be spent on mitigating security controls

6
Q

Which are examples of risk transfer strategies?

  • Implementing mitigating security controls
  • The use of cloud computing
  • Not engaging in risky business ventures
  • Cyber security insurance
A

The use of cloud computing
Cyber security insurance

7
Q

Which items would be documented in a risk register?

  • Cost of security control
  • Risk owner
  • Past threat history
  • Threat impact
A

Risk owner
Threat impact
