What two methods are used to assess risk impact?
A. Cost and annual rate of expectance
B. Subjective and Objective
C. Qualitative and percent of loss realized
D. Quantitative and qualitative
Answer: D
The success of the Chief Information Security Officer is MOST dependent upon:
A. favorable audit findings
B. following the recommendations of consultants and contractors
C. development of relationships with organization executives
D. raising awareness of security issues with end users
Answer: C
Which of the following is the MOST important for a CISO to understand when identifying threats?
A. How vulnerabilities can potentially be exploited in systems that impact the organization
B. How the security operations team will behave to reported incidents
C. How the firewall and other security devices are configured...
Risk appetite directly affects what part of a vulnerability management program?
A. Staff
B. Scope
C. Schedule
D. Scan tools
Answer: B
Which of the following are the MOST important factors for proactively determining system vulnerabilities?
A. Subscribe to vendor mailing list to get notification of system vulnerabilities
B. Deploy Intrusion Detection System (IDS) and install anti-virus on systems
C. Configure firewall, perimeter router and Intrusion Prevention System (IPS)
D. Conduct security...
Which of the following is MOST likely to be discretionary?
A. Policies
B. Procedures
C. Guidelines
D. Standards
Answer: C
Risk that remains after risk mitigation is known as:
A. Persistent risk
B. Residual risk
C. Accepted risk
D. Non-tolerated risk
Answer: B
Which of the following is the PRIMARY purpose of International Organization for Standardization (ISO) 27001?
A. Use within an organization to formulate security requirements and objectives
B. Implementation of business-enabling information security
C. Use within an organization to ensure compliance with laws and regulations
D. To enable organizations that adopt...
After a risk assessment is performed, a particular risk is considered to have the potential of costing the organization 1.2 Million USD. This is an example of:
A. Risk Tolerance
B. Qualitative risk analysis
C. Risk Appetite
D. Quantitative risk analysis
Answer: D
You have implemented a new security control. Which of the following risk strategy options have you engaged in?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation
Answer: D