Tuesday, January 14, 2014

CIS 481-20: INTRO TO INFORM SECURITY CH4

  • Question 1

    2 out of 2 points
    ____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization’s stakeholders.
    Selected Answer:
    Correct Operational
    Correct Answer:
    Correct Operational
  • Question 2

    1 out of 1 points
    Once the organizational threats have been identified, an assets identification process is undertaken.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 3

    2 out of 2 points
    The ____ strategy attempts to prevent the exploitation of the vulnerability.
    Selected Answer:
    Correct defend control
    Correct Answer:
    Correct defend control
  • Question 4

    1 out of 1 points
    The amount of money spent to protect an asset is based in part on the value of the asset.
    Selected Answer:
    Correct True
    Correct Answer:
    Correct True
  • Question 5

    0 out of 2 points
    Risk ____ is the application of controls to reduce the risks to an organization’s data and information systems.
    Selected Answer:
    Incorrect management
    Correct Answer:
    Correct control
  • Question 6

    1 out of 1 points
    Comprehensive means that an information asset should fit in only one category.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 7

    2 out of 2 points
    The first phase of risk management is ____.
    Selected Answer:
    Correct risk identification
    Correct Answer:
    Correct risk identification
  • Question 8

    2 out of 2 points
    ____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
    Selected Answer:
    Correct Risk
    Correct Answer:
    Correct Risk
  • Question 9

    2 out of 2 points
    The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
    Selected Answer:
    Correct transfer control
    Correct Answer:
    Correct transfer control
  • Question 10

    2 out of 2 points
    Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
    Selected Answer:
    Correct appetite
    Correct Answer:
    Correct appetite
  • Question 11

    1 out of 1 points
    Metrics-based measures are generally less focused on numbers and more strategic than process-based measures.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 12

    2 out of 2 points
    When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.
    Selected Answer:
    Correct standard of due care
    Correct Answer:
    Correct standard of due care
  • Question 13

    2 out of 2 points
    The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
    Selected Answer:
    Correct accept control
    Correct Answer:
    Correct accept control
  • Question 14

    1 out of 1 points
    If every vulnerability identified in the organization is handled through mitigation, it may reflect an inability to conduct proactive security activities and an apathetic approach to security in general.
    Selected Answer:
    Correct False
    Correct Answer:
    Correct False
  • Question 15

    2 out of 2 points
    There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.
    Selected Answer:
    Correct dumpster diving
    Correct Answer:
    Correct dumpster diving
