SEC+ Revision Questions Risk Analysis Flashcards
You are conducting a risk analysis for a stock brokerage firm in Miami, Florida. What factors should you consider? (Choose two.)
A. Server downtime because of earthquakes
B. Destruction of government regulation documentation because of fire
C. Server downtime because of power outages
D. Customer invoicing data destroyed because of fire
C. Server downtime because of power outages
&
D. Customer invoicing data destroyed because of fire
You are responsible for completing an IT asset report for your company. All IT-related equipment and data must be identified and given a value. What term best describes what you must do next?
A. Asset identification
B. Risk assessment
C. Risk mitigation
D. Threat analysis
A. Asset identification
You are identifying security threats to determine the likelihood of virus infection. Identify potential sources of infection. (Choose two.)
A. USB flash drives
B. USB keyboard
C. Smartcard
D. Downloaded documentation from a business partner web site
A. USB flash drives
&
D. Downloaded documentation from a business partner web site
During a risk analysis meeting you are asked to specify internal threats being considered. Choose which item is not considered an internal threat from the list that follows.
A. Embezzlement
B. Hackers breaking in through the firewall
C. Employees using corporate assets for personal gain
D. Users plugging in personal USB flash drives
B. Hackers breaking in through the firewall
A client conveys their concern to you regarding malicious Internet users gaining access to corporate resources. What type of assessment would you perform to determine this likelihood?
A. Threat assessment
B. Risk analysis
C. Asset identification
D. Total cost of ownership
A. Threat assessment
You are an IT consultant performing a risk analysis for a seafood company. The client is concerned with specific cooking and packaging techniques the company uses being disclosed to competitors. What type of security concern is this?
A. Integrity
B. Confidentiality
C. Availability
D. Authorization
B. Confidentiality
After identifying internal and external threats, you must determine how these potential risks will affect business operations. What is this called?
A. Risk analysis
B. Fault tolerance
C. Availability
D. Impact analysis
D. Impact analysis
When determining how best to mitigate risk, which items should you consider? (Choose two.)
A. Insurance coverage
B. Number of server hard disks
C. How fast CPUs in new computers will be
D. Network bandwidth
A. Insurance coverage
&
B. Number of server hard disks
An insurance company charges an additional $200 monthly premium for natural disaster coverage for your business site. What figure must you compare this against to determine whether to accept this additional coverage?
A. ALE
B. ROI
C. Total cost of ownership
D. Total monthly insurance premium
A. ALE
You are listing preventative measures for potential risks. Which of the following would you document? (Choose three.)
A. Larger flat-screen monitors
B. Data backup
C. Employee training
D. Comparing reliability of network load balancing appliances
B. Data backup
&
C. Employee training
&
D. Comparing reliability of network load balancing appliances
Which of the following is true regarding qualitative risk analysis?
A. Only numerical data is considered.
B. ALE must be calculated.
C. Threats must be identified.
D. ROI must be calculated.
C. Threats must be identified.
Which values must be calculated to derive annual loss expectancy? (Choose two.)
A. Single loss expectancy
B. Annual rate of occurrence
C. Monthly loss expectancy
D. Quarterly loss expectancy
A. Single loss expectancy
&
B. Annual rate of occurrence
You are the server expert for a cloud computing firm named Cloud Nine Computing. Management would like to set aside funds to respond to server downtime risks. Using historical data, you determine the probability of server downtime is 17 percent. Past data suggests the server would be down for an average of one hour and that $3,000 of revenue can be earned in one hour. You must calculate the annual loss expectancy (ALE). Choose the correct ALE.
A. $300
B. $510
C. $3,000
D. $36,000
B. $510
Your boss asks you to calculate how much money the company loses when critical servers required by employees are down for 2 hours. You have determined that the probability of this happening is 70 percent. The company has 25 employees each earning $18.50 per hour. Choose the correct value.
A. $12.95
B. $18.50
C. $323.75
D. $3,885
C. $323.75
Your company is considering having the e-mail server hosted by Hosted Solutions, Inc., to reduce hardware and mail server technician costs at the local site. What type of document formally states the reliability and recourse if the reliability is not met?
A. BPA
B. MOU
C. SLA
D. ISA
C. SLA
Which term best describes monies spent to minimize the impact that threats and unfavorable conditions have on a business?
A. Risk management
B. Security audit
C. Budgetary constraints
D. Impact analysis
A. Risk management
Which risk analysis approach makes use of ALE?
A. Best possible outcome
B. Quantitative
C. ROI
D. Qualitative
B. Quantitative
You are presenting data at a risk analysis meeting. During your presentation you display a list of ALE values ranked by dollar amount. Bob, a meeting participant, asks how reliable the numbers used to calculate the ALE are. What can you tell Bob?
A. The numbers are 100 percent reliable.
B. The numbers are 50 percent reliable.
C. ALEs are calculated using probability values that vary.
D. ALEs are calculated using percentages and are accurate.
C. ALEs are calculated using probability values that vary.
Which of the following should be performed when conducting a qualitative risk assessment? (Choose two.)
A. Asset valuation
B. ARO
C. SLE
D. Ranking of potential threats
A. Asset valuation
&
D. Ranking of potential threats
You are the IT security analyst for Big John’s Gourmet Foods. Big John’s plans to open a plant in Oranjestad, Aruba, next year. You are meeting with a planning committee in the next week and must come up with questions to ask the committee about the new location so you can prepare a risk analysis report. Which of the following would be the most relevant questions to ask? (Choose two.)
A. How hot does it get in the summer?
B. How reliable is the local power?
C. What kind of physical premise security is in place?
D. How close is the nearest highway?
B. How reliable is the local power?
&
C. What kind of physical premise security is in place?
Your corporate web site is being hosted by an Internet service provider. How does this apply to the concept of risk?
A. Risk avoidance
B. Risk transference
C. Risk analysis
D. Increase in ALE
B. Risk transference
Which of the following regarding risk management is true?
A. Funds invested in risk management could have earned much more profit if spent elsewhere.
B. ALEs are only estimates and are subject to being inaccurate.
C. IT security risks are all handled by the corporate firewall.
D. Qualitative risk analysis results are expressed in dollar amounts.
B. ALEs are only estimates and are subject to being inaccurate.
Your competitors are offering a new product that is predicted to sell well. After much careful study, your company has decided against launching a competing product because of the uncertainty of the market and the enormous investment required. Which term best describes your company’s decision?
A. Risk analysis
B. Risk transfer
C. Risk avoidance
D. Product avoidance
C. Risk avoidance
How can management determine which risks should be given the most attention?
A. Threat vector
B. Rank risks by likelihood
C. Rank risks by probable date of occurrence
D. Rank risks by SLE
B. Rank risks by likelihood