Of the risk mitigation steps, in which step does management determine the most cost-effective control(s) for reducing risk to the organization's mission? - Answers Step 4: Select Controls
Which site is fully equipped, requiring only a short setup time due to restoring data backups and configurations? - Answers Hot
Data classification directly impacts which of the following? - Answers All of the above
A self-replicating program that requires user intervention to spread, and is typically composed of a replication element and a payload, is a(n)? - Answers Virus
In managing risks, eliminating the asset's exposure to risk, or eliminating the asset altogether, describes which one of the following? - Answers Avoid
Which type of analysis is often expressed as: annual loss expectancy = (asset value x exposure factor) x annual rate of occurrence? - Answers Quantitative Analysis
Covert security testing (white hat testing) involves testing without the knowledge of the organization's IT staff. - Answers False
People, information, and technology are examples of? - Answers Assets
Providing a basis for trust between organizations that depend on the information processed, stored, or transmitted by those systems is an Assurance "Expectation." - Answers False
Judgmental Valuation is considering variables such as technical complexity, control procedures in place, and financial loss. - Answers False
Low humidity within a server room could result in a static electricity build-up/discharge. - Answers True
Network architecture and configurations are part of which category of vulnerabilities? - Answers Design Vulnerabilities
Which of the following does an effective monitoring program NOT include? - Answers Security impact analyses on proposed or actual changes to the information system and its environment of operation
Which of the following technical controls places servers that are accessible to the public in a special network? - Answers De-Militarized Zone
A locking mechanism that is controlled by a mechanical keypad is known as? - Answers Cipher lock
The risk equation is Risk = Threat x (Likelihood + Impact) x Vulnerability? - Answers False
Which of the following families of controls belongs to the technical class of controls? - Answers Identification and Authentication