TRUE/FALSE
1. A control classified as preventative has to be known by a person in order to be effective.
2. For an intangible impact, assigning a financial value of the impact is easy.
3. All risks need to be mitigated or controlled.
Multiple choice
4. Which term refers to the possibility of suffering harm or loss?
A. Risk
B. Hazard
C. Threat vector
D. Threat actor
5. Which action is an example of transferring risk?
A. Management purchases insurance for the occurrence of the risk.
B. Management applies controls that reduce the impact of an attack.
C. Management has decided to accept responsibility for the risk if it does happen.
D. Management has decided against deploying a module that increases risk.
6. Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
A. Qualitative risk assessment
B. Quantitative risk assessment
C. Configuration management
D. Change management
7. What is the first step in the general risk management model?
A. Asset identification
B. Threat assessment
C. Impact determination and quantification
D. Residual risk management
8. Which event is an example of a tangible impact?
A. Breach of legislation or regulatory requirements
B. Loss of reputation or goodwill (brand damage)
C. Endangerment of staff or customers
D. Breach of confidence
9. If you have a farm of five web servers and two of them break, what is the exposure factor (EF)?
A. 0 percent
B. 20 percent
C. 40 percent
D. 100 percent
10. Which term refers to the path or tool used by an attacker to attack a target?
A. Baseline monitor
B. Threat vector
C. Configuration scanner
D. Target actor
1) True; because the person can only take the control in his hand in order to prevent, and is also able to make changes that will be effective as well.
2) False; for an intangible impact, assigning a financial value to it is not easy because it will also affect the financial sector as well.
3) True; all risks should be controlled, otherwise it will affect the business continuity.
4) a) Risk; risk is the term that refers to the possibility of suffering harm or loss, because risk can damage the whole infrastructure data and bring loss to the business.
5) d) Management has decided against deploying a module that increases risk; risk transfer is basically the transferring of risk from one to another, and here in this option management is against the deployed module which increases the risk.
6) c) Configuration management mostly deals with the configuration of the IT infrastructure, and configuration management also looks after modification of the infrastructure as well.
7) c) Impact determination and quantification. This is the first step of the model because in this step the impacts are determined and the risks are calculated.
8) b) Loss of reputation or goodwill (brand damage) is an example of a tangible impact, as it mostly deals with the reputation of the business and even the budget of the project.
9) c) EF = 40% because two of the web servers failed out of 5.
10) b) Threat vector is used to refer to the path that is used by attackers to attack a target.