1. The identification and assessment of levels of risk in an organization describes which of the following?
- Risk identification
- Risk management
- Risk reduction
- Risk analysis
2. Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process?
- Assigning a value to each information asset
- Creating an inventory of information assets
- Classifying and organizing information assets into meaningful groups
- Calculating the severity of risks to which assets are exposed in their current setting
3. The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.
- Risk assessment estimate factors
- Vulnerability mitigation controls
- Attack analysis calculation
- Exploit likelihood equation
4. Which of the following describes an organization’s efforts to reduce damage caused by a realized incident or disaster through planning and preparation?
- Mitigation
- Transference
- Avoidance
- Acceptance
- Risk appetite
- Risk termination
- Residual risk
- Risk assurance