02- Disaster Recovery and Risk Management QUIZ Flashcards by James McCarter (2024)

1

Q

An effective risk management plan will not include which of the following?
A. Risk avoidance
B. Risk response planning
C. Risk monitoring
D. Priority

A

Answer: D

Priority is a Disaster Recovery strategy.

2

Q

Identify the method not used for performing a qualitative project risk analysis.
A. Risk tolerance
B. Probability impact matrix
C. Historic records

A

Answer: A

It is the measure of willingness of a stakeholder to avoid risk.

3

Q

Choose the one that does not belong to the four points of main studies used in order to manage a given risk.
A. Strength
B. Weakness
C. Threats
D. DMZ

A

Answer: D

It is an example of risk domain.

4

Q

Which one is not a Risk domain?
A. DMZ
B. Private network
C. DRP
D. Mobile Users

A

Answer: C
The DRP (disaster recovery plan) is a policy that defines how an organization will recover from a disaster, whether it is natural
or manmade disaster.

5

Q

“Loss of data availability” helps determine which of the following:
A. The impact of a given risk
B. The likelihood of a risk

A

Answer: A

Loss of data availability is one set of questions to help determine the impact of a given risk.

6

Q

______ includes a list of responsible people who will perform the steps for recovery, inventory
for the hardware and software, and steps to recover from a disaster.
A. Mitigation
B. DRP
C. Transference
D. Response strategy

A

Answer: B
The DRP (disaster recovery plan) includes a list of responsible people who will perform the steps for recovery, inventory for the
hardware and software, and steps to recover from a disaster.

7

Q

Which of the following can function like the primary site within minutes?
A. Hot Site
B. Warm Site
C. Cold Site

A

Answer: A
Hot site is an identical site to the primary site equipped with systems and services just like the primary. Data is duplicated to the
hot site and can function just like the primary one in just a few minutes.

8

Q

In simple terms, Disaster Recovery Plan is:
A. A plan used when the main computer systems fail
B. Prepared to deal with natural disasters only
C. For backup data only
D. Plan for business continuity only

A

Answer: A
Disaster Recovery Plan’s first objective is to ensure the security of the people at all cost. The DRP is a policy that defines how an
organization will recover from a disaster.

9

Q

After a disaster, _____ is the maximum duration of time and a service level within which the
recovery procedure must be completed in order to avoid unacceptable consequences
associated with a break in business continuity.
A. MTD
B. RTO
C. BCP

A

Answer: B
Recovery Time Objective is the maximum duration of time and a service level within which the recovery procedure must be
completed in order to avoid undesirable consequences associated with a break in business continuity.

10

Q

Identify the standards in DRP to backup data.
A. Journaling
B. Electronic vaulting
C. Mitigation
D. Likelihood

A

Answer: A and B
Journaling is a less expensive method used to protect data. When a disaster strikes, journaling is used to write the transactions
that were missing in the full backup tape. Electronic vaulting is an alternate location to preserve backed up data. In case of a
disaster, the backup data stored in the electronic vault is restored.

11

Q

The switching process is very fast in:
A. Warm site
B. Hot site
C. Cold site

A

Answer: B
Hot site has all the services and systems as that of the primary location and can switch to a full functional one within minutes.

12

Q

DRP ranks a given disaster and acts based on its rank. Which one of the following is of the highest priority?
A. Short term
B. Mid term
C. Long term

A

Answer: A

DRP assigns high rank, when a line of service is fully affected, and requires immediate action to recover.

13

Q

_________ decides which services are sensitive for the regular operations to continue.
A. BCP
B. DRP
C. RTO

A

Answer: A

Business continuity plan (BCP) decides which services are sensitive for the regular operations to continue.

14

Q

The risk formula is Risk = Likelihood x Weakness.
True
False

A

Answer: False

Risk = Likelihood x Impact

15

Q

Identification of risk domains and risk exposure are done in the Analysis of Security Risk.
True
False

A

Answer: True
Analyze Security Risk involves identification of risk domains and risk exposure, SWOT analysis list and rank of the risks.

16

Q

Business, cost, technology, and process should be the main focus while planning Software risk
impact assessment.
True
False

A

Answer: False
Performance, support, cost of protective measure, and schedules are the primary things that need to be taken care of while
planning for risk management.

17

Q

Risk monitoring involves only watching the risk indicators defined for the project.
True
False

A

Answer: False
Risk monitoring involves not only watching the risk indicators defined for the project, but also determining the effectiveness of
the risk mitigation steps themselves.

18

Q

Risk management refers to the various techniques that minimize the risk and mitigate it.
True
False

A

Answer: True
Risk Management is the process of identifying and mitigating the risks that can make a negative impact on a project or daily
operations.

19

Q

Qualitative risk analysis is done at the later stages of the project.
True
False

A

Answer: False

Qualitative risk analysis is done at the earlier project stages.

20

Q

Likelihood and impact are measured with numbers, from 1 to 9.
True
False

A

Answer: False

Likelihood and impact are measured with numbers, from 0 to 9, where:
0-3 is low
3-6 is medium
6-9 is high

21

Q

Response planning phase starts after identifying the risks and ranking them.
True
False

A

Answer: True

Response planning phase starts after Qualitative analysis, which identifies the risks and ranks them.

22

Q

Qualitative analysis uses only ranks to measure the impact of identified risk.
True
False

A

Answer: False

Qualitative analysis uses words or ranks to measure the impact of identified risk.

23

Q

DRP needs maintenance and evaluation on a timely basis, at least twice a year.
True
False

A

Answer: False
DRP needs maintenance and evaluation on a timely basis; at least once a year, the DRP plan should be re-evaluated to make sure of
its effectiveness.

24

Q

Drills when performed should focus on equipment only.
True
False

A

Answer: False
Drills when performed should focus not only on equipment, but also on personnel, as the operations cannot continue with one
of them missing.

25

Q

Which of the following defines risk management? Choose all that apply.
A. Understands how security measures are implemented in your environment
B. Gives an idea of threats your system is exposed to
C. Can increase the occurrence of negative events
D. Calculates the risk

A

Answer: A, B, and D
Every new technology and software comes with a new risk, making risk management a necessity for the proper working of the
business. Risk management understands the business procedures and risks involved in it. Risk management can reduce the
occurrence of negative events and increase the positive ones. The primary objective of risk management is to calculate the risk
involved while using new software to improve the daily business operations.

26

Q

Which is not involved in the strategy of Risk Management?
A. Test new products before deployment
B. Risk Response planning
C. Perform vulnerability assessment
D. Evaluate change against your risk policy

A

Answer: B

Risk Response planning is a method in the risk analysis strategy.

27

Q

Which is not a part of response strategy?
A. SWOT analysis
B. Acceptance
C. Avoidance
D. Mitigation

A

Answer: A

SWOT analysis comes under the analysis of security risks.

28

Q

The two ways used to rate risk projection attempts are likelihood and:
A. Mitigation
B. Transference
C. Impact

A

Answer: C

As per the risk formula, Risk = Likelihood x Impact

29

Q

To determine the impact of a given risk, ask the following, except:
A. What are the benefits and/or motivation for the attacker?
B. Is there an exploit already for this vulnerability?
C. Is there loss of data integrity?
D. Is there sensitive data in risk to be exposed?

A

Answer: A and B

These are both questions used to find out the likelihood of a risk.

30

Q

Risk management can increase the occurrence of negative events and reduce the positive ones.
True
False

A

Answer: False

Risk management can reduce the occurrence of negative events and increase the positive ones.

31

Q

Risk Monitoring is a step in risk analysis.
True
False

A

Answer: True
Risk Identification, Qualitative risk analysis, Quantitative Risk Analysis, Risk Response Planning and Risk Monitoring are the different steps involved in risk analysis.

FAQs

What are the 5 components of risk management?

The 5 Components of RMF. There are at least five crucial components that must be considered when creating a risk management framework. They include risk identification; risk measurement and assessment; risk mitigation; risk reporting and monitoring; and risk governance.

What are the 5 steps in risk management process?

Five Steps of the Risk Management Process
  • Risk Management Process. ...
  • Here Are The Five Essential Steps of A Risk Management Process. ...
  • Step 1: Identify the Risk. ...
  • Step 2: Analyze the Risk. ...
  • Step 3: Evaluate the Risk or Risk Assessment. ...
  • Step 4: Treat the Risk. ...
  • Step 5: Monitor and Review the Risk.
Jan 10, 2024

Which of the following can function like the primary site within minutes?

A hot site can function just like the primary one in just a few minutes.

What is risk in risk management?

Enterprise Risk Management expands the province of risk management to define risk as anything that can prevent the company from achieving its objectives. Although accidental losses are unforeseen and unplanned, there are methods which can make events more predictable.

What are the 4 A's of risk management?

Professor Westerman's belief is the conflict between the business strategic outcome and IT's natural resistance to manage and maintain the changes and exceptions into perpetuity can be addressed by thinking about IT's risk, and focusing a dialogue with IT on the four A's (Availability, Access, Accuracy, Agility).

What are the 4 pillars of risk management?

  • Contingency Planning (on the next page): This aspect is about being able to identify risk factors emerging and thinking about what actions you can take to manage and control the risk. ...
  • Supervision:
  • Monitoring and Control:
  • Interventions and Treatment:
  • Victim Safety Planning:
Sep 7, 2020

What are the three (3) key steps in the risk management process?

Risk management has three (3) main stages, risk identification, risk assessment and risk control.

What does RCSA stand for?

Risk and Control Self-Assessment (RCSA) is an important process for identifying and assessing the key operational risks faced by an organization and the effectiveness of controls that address those risks.

What is the first step in risk management?

1. Identify risks. The first step in the risk management process is to determine the potential business risks your organization faces.

What is another name for a disaster recovery plan?

A disaster recovery plan (DRP), disaster recovery implementation plan, or IT disaster recovery plan is a recorded policy and/or process that is designed to assist an organization in executing recovery processes in response to a disaster to protect business IT infrastructure and more generally promote recovery.

What is hot site in disaster recovery?

A disaster recovery hot site is a backup facility that replicates the primary production facility. It includes the same software, hardware, and network connectivity as the primary center, and enables real-time backup of important data. A cold site is a facility with the bare necessities for data backup.

What is the disaster recovery life cycle?

The National Governor's Association designed a phase of disaster model to help emergency managers prepare for and respond to a disaster, also known as the 'life cycle' of comprehensive emergency management. The four phases of disaster: 1) mitigation; 2) preparedness; 3) response; and 4) recovery.

What are the 3 main types of risk?

There are different types of risks that a firm might face and needs to overcome. Widely, risks can be classified into three types: Business Risk, Non-Business Risk, and Financial Risk.

Who is most likely to be at risk from harm in the workplace?

The first group likely to be at risk of harm will be those carrying out the task or activity - the operatives themselves. They have direct contact with the task, the equipment and the materials. So they are likely to be most at risk. You should then consider adjacent workers.

What are the 4 main categories of risk?

The main four types of risk are:
  • strategic risk - eg a competitor coming on to the market.
  • compliance and regulatory risk - eg introduction of new rules or legislation.
  • financial risk - eg interest rate rise on your business loan or a non-paying customer.
  • operational risk - eg the breakdown or theft of key equipment.


Author: Delena Feil
