A series of multiple-choice questions and answers related to cyber risk management for managers. It covers topics such as threat identification, vulnerability identification, control analysis, risk mitigation, and security controls. The questions are designed to test understanding of key concepts and principles in cyber risk management.
Typology: Exams
1. Which step of a risk assessment uses the history of system attacks?
   A. Step 2: Threat Identification
   B. Step 3: Vulnerability Identification
   C. Step 4: Control Analysis
   D. Step 5: Likelihood Determination
   Correct Answer: A. Step 2: Threat Identification

2. In which one of the following is modifying important or sensitive information categorized?
   A. Confidentiality
   B. Availability
   C. Integrity
   D. All of the above
   Correct Answer: C. Integrity

3. Of the risk mitigation steps, in which step does management determine the most cost-effective control(s) for reducing risk to the organization's mission?
   A. Step 3: Conduct Cost-Benefit Analysis
   B. Step 4: Select Controls
   C. Step 5: Assign Responsibility
   D. Step 6: Develop a Safeguard Implementation Plan
   Correct Answer: B. Step 4: Select Controls

4. Which of the following is the set of security controls for an information system that is primarily implemented and executed by people?
   A. Operational Controls
   B. Management Controls
   C. Technical Controls
   D. All of the above
   Correct Answer: A. Operational Controls

5. Software as a Service is one class of Cloud Computing.
   A. True
   B. False
   Correct Answer: A. True

6. If the availability of a service was critical to your organization, what would you say the impact would be if the service was irrevocably destroyed?
   A. High
   B. Medium
   C. Low
   D. None of the above
   Correct Answer: A. High

7. Low humidity within a server room could result in a static electricity build-up/discharge.
   A. True
   B. False
   Correct Answer: A. True

8. Which of the following is the ability to hide messages in existing data?
   A. Cryptography
   B. Scareware
   C. Steganography
   D. Whaling
   Correct Answer: C. Steganography

9. Which of the following firewall implementations is a combination of a packet filter with a bastion host?
   A. Screened-subnet
   B. Dual-homed
   C. Boundary
   D. Screened-host
   Correct Answer: D. Screened-host

10. Countermeasures do not reduce a threat or vulnerability.
   A. True
   B. False
   Correct Answer: B. False

11. Which of the following malware will allow an attacker to dynamically install additional malware?
   A. Virus
   B. Attack Script
   C. Trojan
   D. Downloader
   Correct Answer: D. Downloader

12. Which of the following is an algorithm or hash that uniquely identifies a specific virus, worm or variant of malicious code?
   A. Heuristics
   B. Steganography
   C. Integrity Checkers
   D. Signature
   Correct Answer: B. Steganography

13. (Question text absent from the page; only the option and answer survive.)
   B. False
   Correct Answer: B. False

14. Which of the following technical controls place servers that are accessible to the public in a special network?
   A. Intrusion Detection System
   B. VPN
   C. Proxy servers
   D. De-Militarized Zone
   Correct Answer: D. De-Militarized Zone

15. CERT-RMM is a capability model for managing and improving operational resilience.
   A. True
   B. False
   Correct Answer: A. True

16. Business Impact Analysis addresses which component?
   A. People
   B. Information
   C. Technology
   D. All of the above
   Correct Answer: D. All of the above

17. Which risk comes from a failure of the controls to properly mitigate risk?
   A. Inherent Risk
   B. Control Risk
   C. Residual Risk
   D. All of the above
   Correct Answer: B. Control Risk

18. Attack scripts target web browsers such as IE, through XSS, and are typically written in JavaScript.
   A. True
   B. False
   Correct Answer: A. True

19. Which of the following is information not approved for general circulation outside the organization where its disclosure would inconvenience the organization or management, but is unlikely to result in serious damage to credibility?
   A. Proprietary
   B. Internal Use Only
   C. Highly Confidential
   D. Public Documents
   Correct Answer: B. Internal Use Only

20. Which of the following families of controls belongs to the technical class of controls?
   A. Physical and Environmental Protection
   B. System and Information Integrity
   C. Identification and Authentication
   D. System and Services Acquisition
   Correct Answer: C. Identification and Authentication

21. Data classification directly impacts which of the following?
   A. Availability
   B. Confidentiality
   C. Integrity
   D. All of the above
   Correct Answer: D. All of the above

22. Providing a basis for trust between organizations that depend on the information processed, stored, or transmitted by those systems is an Assurance "Expectation."
   A. True
   B. False
   Correct Answer: B. False

23. The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability?
   A. True
   B. False
   Correct Answer: B. False

24. Which "Service Availability" level defines disrupted service for more than two hours and requires some effort and expense to recover?
   A. High
   B. Medium
   C. Low
   D. None of the above
   Correct Answer: B. Medium

25. Judgmental Valuation is a decision made based upon business knowledge, executive management directives, historical perspectives, business goals, and environmental factors.
   A. True
   B. False
   Correct Answer: A. True

26. Judgmental Valuation is considering variables such as technical complexity, control procedures in place, and financial loss.
   A. True
   B. False
   Correct Answer: B. False

27. A business operation review is conducted to:
   A. Ensure minimum assurance requirements are met
   B. Analyse changes
   C. Account for new threats and vulnerabilities created by changes
   D. All of the above
   Correct Answer: D. All of the above

28. Which one of the following does the Business Continuity Management function perform?
   A. Identify potential impacts that threaten a business
   B. Build resilience and capability for effective response
   C. Safeguard critical interests (financial, reputation, etc.)
   D. All of the above
   Correct Answer: D. All of the above

29. Network architecture and configurations are part of which category of vulnerabilities?
   A. Technical Vulnerabilities
   B. Design Vulnerabilities
   C. Procedural & Administrative Vulnerabilities
   D. None of the above
   Correct Answer: B. Design Vulnerabilities

30. The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. Which likelihood rating does this describe?
   A. High
   B. Medium
   C. Low
   D. None of the above
   Correct Answer: B. Medium

31. Which of the following does an effective monitoring program NOT include?
   A. Assessment of selected security controls employed within and inherited by the information system
   B. Configuration management and control processes
   C. Security impact analyses on proposed or actual changes to the information system and its environment of operation
   D. None of the above
   Correct Answer: Not C

32. Controls are an action or process for mitigating a vulnerability or otherwise limiting the impact from a realized vulnerability.
   A. True
   B. False
   Correct Answer: A. True

33. Which one of the following plans provides procedures for relocating information systems operations to an alternate location?
   A. Disaster Recovery Plan (DRP)
   B. Continuity of Operations (COOP) Plan
   C. Crisis Communications Plan
   D. None of the above
   Correct Answer: A. Disaster Recovery Plan (DRP)

34. A self-replicating program that requires user intervention to spread, and is typically comprised of a replication element and a payload, is a(n)?
   A. Virus
   B. Worm
   C. Trojan
   D. Botnet
   Correct Answer: A. Virus

35. A vulnerability is described as "A flaw or weakness in system security procedures, design, implementation, or internal controls that, if exercised (accidentally triggered or intentionally exploited), would result in a security breach or a violation of the system's security policy."
   A. True
   B. False
   Correct Answer: A. True

36. NIST SP 800-30 defines risk as "a function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization."
   A. True
   B. False
   Correct Answer: A. True

37. People, information, and technology are examples of?
   A. Services
   B. Processes
   C. Assets
   D. None of the above
   Correct Answer: C. Assets