- All Exams Instant Download
The exposure factor of a threat to your organization is defined by?
The exposure factor of a threat to your organization is defined by?A . Asset value times exposure factor B. Annual rate of occurrence C. Annual loss expectancy minus current cost of controls D. Percentage of loss experienced due to a realized threat eventView AnswerAnswer: D
A method to transfer risk is to:
A method to transfer risk is to:A . Implement redundancy B. move operations to another region C. purchase breach insurance D. Alignment with business operationsView AnswerAnswer: C
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?
In which of the following cases, would an organization be more prone to risk acceptance vs. risk mitigation?A . The organization uses exclusively a quantitative process to measure risk B. The organization uses exclusively a qualitative process to measure risk C. The organization’s risk tolerance is high D. The organization’s...
Which of the following international standards can be BEST used to define a Risk Management process in an organization?
Which of the following international standards can be BEST used to define a Risk Management process in an organization?A . National Institute for Standards and Technology 800-50 (NIST 800-50) B. International Organization for Standardizations C 27005 (ISO-27005) C. Payment Card Industry Data Security Standards (PCI-DSS) D. International Organization for Standardizations...
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?
According to the National Institute of Standards and Technology (NIST) SP 800-40, which of the following considerations are MOST important when creating a vulnerability management program?A . Susceptibility to attack, mitigation response time, and cost B. Attack vectors, controls cost, and investigation staffing needs C. Vulnerability exploitation, attack recovery, and...
Payment Card Industry (PCI) compliance requirements are based on what criteria?
Payment Card Industry (PCI) compliance requirements are based on what criteria?A . The types of cardholder data retained B. The duration card holder data is retained C. The size of the organization processing credit card data D. The number of transactions performed per year by an organizationView AnswerAnswer: D
What immediate action should the information security manager take?
A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?A . Enforce the existing security standards and do not allow the deployment of the new technology....
When briefing senior management on the creation of a governance process, the MOST important aspect should be:
When briefing senior management on the creation of a governance process, the MOST important aspect should be:A . information security metrics. B. knowledge required to analyze each issue. C. baseline against which metrics are evaluated. D. linkage to business area objectives.View AnswerAnswer: D
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?
Which of the following is of MOST importance when security leaders of an organization are required to align security to influence the culture of an organization?A . Poses a strong technical background B. Understand all regulations affecting the organization C. Understand the business goals of the organization D. Poses a...
What is a difference from the list below between quantitative and qualitative Risk Assessment?
What is a difference from the list below between quantitative and qualitative Risk Assessment?A . Quantitative risk assessments result in an exact number (in monetary terms) B. Qualitative risk assessments result in a quantitative assessment (high, medium, low, red, yellow, green) C. Qualitative risk assessments map to business objectives D....
