
Which of the following risks relates to negative public opinion?


A) Operational risk
B) Strategic risk
C) Financial risk
D) Reputational risk

E) All of the above
F) C) and D)


Which of the following is the leading membership organization for Boards and Directors in the U.S.?


A) ISO
B) NIST
C) CERT
D) NACD

E) A) and B)
F) A) and C)


Which of the following best describes residual risk?


A) The likelihood of occurrence of a threat
B) The level of risk before security measures are applied
C) The level of risk after security measures are applied
D) The impact of risk if a threat is realized

E) A) and B)
F) A) and C)


Which of the following is a systematic, evidence-based evaluation of how well an organization conforms to such established criteria as Board-approved policies, regulatory requirements, and internationally recognized standards, such as the ISO 27000 series?


A) Audit report
B) Cybersecurity audit
C) CMM
D) CISA

E) C) and D)
F) B) and D)

Correct Answer: B

Which of the following risk assessment methodologies was originally developed by CERT?


A) FAIR
B) OCTAVE
C) RMF
D) CMM

E) All of the above
F) C) and D)

Correct Answer: B

In the NIST Cybersecurity Framework, which governance subcategory references legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations?


A) ID.GV-1
B) ID.GV-2
C) ID.GV-3
D) ID.GV-4

E) B) and C)
F) None of the above


Which of the following is a characteristic of the silo-based approach to cybersecurity?


A) Compliance is discretionary.
B) Security is the responsibility of the IT department.
C) Little or no organizational accountability exists.
D) All of the above

E) B) and C)
F) A) and D)

Correct Answer: D

Which of the following is the objective of risk assessment?


A) Identify the inherent risk
B) Determine the impact of a threat
C) Calculate the likelihood of a threat occurrence
D) All of the above

E) A) and C)
F) A) and B)


Which of the following provides a model for understanding, analyzing, and quantifying information risk in quantitative financial and business terms?


A) RMF
B) NIST
C) FAIR
D) OCTAVE

E) B) and C)
F) A) and B)


Which of the following statements best describes strategic risk?


A) Risk that relates to monetary loss
B) Risk that relates to adverse business decisions
C) Risk that relates to loss resulting from inadequate or failed processes or systems
D) Risk that relates to violations of laws, rules, regulations, or policy

E) B) and D)
F) None of the above


Which of the following refers to directives that codify organizational requirements?


A) Guidelines
B) Standards
C) Policies
D) Baselines

E) B) and D)
F) A) and D)


OCTAVE is short for which of the following?


A) Operationally Critical Threat, Assessment, and Vulnerability Evaluation
B) Operationally Critical Threat, Asset, and Vulnerability Evaluation
C) Optimized Critical Threat, Assessment, and Vulnerability Evaluation
D) Optimized Critical Threat, Asset, and Vulnerability Evaluation

E) A) and B)
F) None of the above


The two approaches to cybersecurity are silo-based and __________.


A) integrated
B) operational
C) environmental
D) strategic

E) None of the above
F) A) and B)


Which of the following statements best describes risk transfer?


A) It shifts a portion of the risk responsibility or liability to other organizations.
B) It shifts the entire risk responsibility to other organizations.
C) It takes steps to eliminate or modify the risk.
D) None of the above

E) A) and B)
F) None of the above


At which of the following states of the CMM scale are there no documented policies and processes?


A) Ad hoc
B) Defined process
C) Optimized
D) Nonexistent

E) A) and B)
F) None of the above


Which of the following refers to how much of the undesirable outcome a risk taker is willing to accept in exchange for the potential benefit?


A) Risk tolerance
B) Risk mitigation
C) Risk management
D) Risk acceptance

E) All of the above
F) A) and C)


Which of the following is the final step in the NIST Risk Assessment methodology?


A) Communicate the results.
B) Prepare for the assessment.
C) Conduct the assessment.
D) Maintain the assessment.

E) A) and B)
F) A) and D)


Which of the following is the magnitude of harm?


A) Risk
B) Threat
C) Impact
D) Vulnerability

E) A) and B)
F) A) and C)


Which of the following refers to the level of risk before security measures are applied?


A) Residual risk
B) Vulnerability
C) Inherent risk
D) Impact

E) A) and B)
F) A) and C)


Which of the following refers to the process of managing, directing, controlling, and influencing organizational decisions, actions, and behaviors?


A) Governance
B) Risk sharing
C) Risk management
D) CMM

E) A) and D)
F) All of the above
