A. True
B. False
2. With respect to IT security, a risk can result in either a positive or a negative effect.
A. True
B. False
3. According to PMI, which term describes the list of identified risks?
A. Risk checklist
B. Risk register
C. Risk methodology
D. Mitigation list
4. Which type of risk analysis uses formulas and numerical values to indicate risk severity?
A. Objective risk analysis
B. Qualitative risk analysis
C. Subjective risk analysis
D. Quantitative risk analysis
5. Which type of risk analysis uses relative ranking?
A. Objective risk analysis
B. Qualitative risk analysis
C. Subjective risk analysis
D. Quantitative risk analysis
6. Which risk-analysis value represents the annual probability of a loss?
A. EF
B. SLE
C. ALE
D. ARO
7. Which risk-response option would best describe purchasing fire insurance?
A. Accept
B. Mitigate
C. Transfer
D. Avoid
8. Which risk response would be most appropriate if the impact of a risk becoming a reality is negligible?
A. Accept
B. Mitigate
C. Transfer
D. Avoid
9. Which of the following statements best describes the relationship of a BCP to a DRP?
A. A BCP is required but a DRP is not
B. A DRP is a component of a BCP
C. A DRP is required but a BCP is not
D. A BCP is a component of a DRP
10. Which term is used to indicate the amount of data loss that is acceptable?
A. RAI
B. ROI
C. RTO
D. RPO
11. A(n) ________ identifies processes that are critical to the operation of a business.
12. Which risk-assessment methodology is marketed as a self-directed approach and has two different editions for organizations of different sizes?
A. CRAMM
B. OCTAVE
C. NIST
D. EBIOS
13. ________ is the U.S. security-related act that governs health-related