FedVTE Cyber Risk Management for Managers questions and answers graded A+.
- Of the risk mitigation steps, in which step does management determine the most cost-effective control(s) for reducing risk to the organization's mission? Correct answer: Step 4: Select Controls
- Which site is fully equipped, requiring only a short setup time due to restoring data backups and configurations? Correct answer: Hot
- Data classification directly impacts which of the following? Correct answer: All of the above
- A self-replicating program that requires user intervention to spread, and is typically comprised of a replication element and a payload is a(n)? Correct answer: Virus
- In managing risks, eliminating the asset's exposure to risk, or eliminating the asset altogether, describes which one of the following? Correct answer: Avoid
- Which type of analysis is often expressed as: annual loss expectancy = (asset value x exposure factor) x annual rate of occurrence? Correct answer: Quantitative Analysis
- Covert security testing (white hat testing) involves testing without the knowledge of the organization's IT staff. Correct answer: False
- People, information, and technology are examples of? Correct answer: Assets
- Providing a basis for trust between organizations that depend on the information processed, stored, or transmitted by those systems is an Assurance "Expectation." Correct answer: False
- Judgmental Valuation is considering variables such as technical complexity, control procedures in place, and financial loss. Correct answer: False
- Low humidity within a server room could result in a static electricity build-up/discharge. Correct answer: True
- Network architecture and configurations are part of which category of vulnerabilities? Correct answer: Design Vulnerabilities
- Which of the following does an effective monitoring program NOT include? Correct answer: Security impact analyses on proposed or actual changes to the information system and its environment of operation
- Which of the following technical controls place servers that are accessible to the public in a special network? Correct answer: De-Militarized Zone
- A locking mechanism which is controlled by a mechanical key pad is known as? Correct answer: Cipher lock
- The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? Correct answer: False
- Which of the following families of controls belongs to the technical class of controls? Correct answer: Identification and Authentication
- NAT is a network address translation which makes a bridge between a local network and the Internet and maps network ports. Correct answer: False
- Which one of the following is a challenge of determining impact and risk? Correct answer: All of the above
- Which of the following is the ability to hide messages in existing data? Correct answer: Steganography
- A vulnerability is described as "A flaw or weakness in system security procedures, design, implementation, or internal controls that, if exercised (accidentally triggered or intentionally exploited), would result in a security breach or a violation of the system's security policy." Correct answer: True
- Attack scripts target web browsers such as IE, through XSS, and are typically written in JavaScript. Correct answer: True
- Which risk comes from a failure of the controls to properly mitigate risk? Correct answer: Control
- Which of the following malware will allow an attacker to dynamically install additional malware? Correct answer: Downloader
- The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. Which likelihood rating does this describe? Correct answer: Medium
- The minimum assurance requirement which assessors conducting security assessments should evaluate to is provided in NIST SP 800-53. Correct answer: True
- Simulating attack from a malicious source could be part of penetration testing. Correct answer: True
- NIST SP 800-30 defines risk as "a function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization." Correct answer: True
- Judgmental Valuation is a decision made based upon business knowledge, executive management directives, historical perspectives, business goals, and environmental factors. Correct answer: True
- A DoS attack which generates more traffic than a network segment or route can handle is attacking which point within a network? Correct answer: Bandwidth
- Software as a Service is one class of Cloud Computing. Correct answer: True
- Which tier of Risk Management is associated with Enterprise Architecture? Correct answer: Tier 2, Mission, Business Process
- A business operation review is conducted to: Correct answer: All of the above
- Which of the following firewall implementations is a combination of a packet filter with bastion host? Correct answer: Screened-host
- Which NIST special publication is a guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach? Correct answer: NIST SP 800-37
Written for
- Institution: FedVTE Cyber Risk Management for Managers
- Course: FedVTE Cyber Risk Management for Managers
Document information
- Uploaded on: September 22, 2023
- Number of pages: 4
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers