C845 Information Systems Security: Chapter 3
Questions with Correct Answers | Updated
(100% Correct Answers)
Identifies and prioritizes risks Answer: Risk Assessment
Uses subjective ratings to evaluate risk likelihood and impact
Answer: Qualitative Risk Assessment
Uses objective numeric ratings to evaluate risk likelihood and impact
Answer: Quantitative Risk Assessment
The dollar value of an asset Answer: Asset Value (AV)
Expected percentage of damage to an asset
Answer: Exposure Factor (EF)
Expected dollar loss if a risk occurs one time (AV * EF = SLE)
Answer: Single-Loss Expectancy (SLE)
Number of times a risk is expected to occur each year
Answer: Annualized Rate of Occurrence (ARO)
Expected dollar loss from a risk in any given year (SLE * ARO = ALE)
Answer: Annualized Loss Expectancy (ALE)
Average time a nonrepairable component will last
Answer: Mean Time to Failure (MTTF)
© 2025 All rights reserved
Average time gap between failures of a repairable component
Answer: Mean Time Between Failures (MTBF)
Average time required to return a repairable component to service
Answer: Mean Time to Repair (MTTR)
Process of systematically analyzing potential responses to each risk
and implementing strategies to control those risks appropriately
Answer: Risk Management or Treatment
Avoiding a risk by changing the organization's business practices
Answer: Risk Avoidance
Shifts the impact of a risk to another organization (insurance)
Answer: Risk Transference
Reduces the likelihood or impact of the risk Answer: Risk Mitigation
Accepts the risk without taking further action
Answer: Risk Acceptance
The full set of risks facing an organization Answer: Risk Profile
Test control effectiveness Answer: Control Assessments
Categorize, Select, Implement, Assess, Authorize, Monitor
Answer: NIST Risk Management Framework Steps
Tracks risk information Answer: Risk Register