TRUE/FALSE
1. A control classified as preventative has to be known by a person in order to be effective.
2. For an intangible impact, assigning a financial value of the impact is easy.
3. All risks need to be mitigated or controlled.
Multiple choice
4. Which term refers to the possibility of suffering harm or loss?
A. Risk
B. Hazard
C. Threat vector
D. Threat actor
5. Which action is an example of transferring risk?
A. Management purchases insurance for the occurrence of the risk.
B. Management applies controls that reduce the impact of an attack.
C. Management has decided to accept responsibility for the risk if it does happen.
D. Management has decided against deploying a module that increases risk.
6. Which term refers to ensuring proper procedures are followed when modifying the IT infrastructure?
A. Qualitative risk assessment
B. Quantitative risk assessment
C. Configuration management
D. Change management
7. What is the first step in the general risk management model?
A. Asset identification
B. Threat assessment
C. Impact determination and quantification
D. Residual risk management
8. Which event is an example of a tangible impact?
A. Breach of legislation or regulatory requirements
B. Loss of reputation or goodwill (brand damage)
C. Endangerment of staff or customers
D. Breach of confidence
9. If you have a farm of five web servers and two of them break, what is the exposure factor (EF)?
A. 0 percent
B. 20 percent
C. 40 percent
D. 100 percent
10. Which term refers to the path or tool used by an attacker to attack a target?
A. Baseline monitor
B. Threat vector
C. Configuration scanner
D. Target actor