FEDVTE FUNDAMENTALS OF CYBER RISK MANAGEMENT QUESTIONS WITH CORRECT ANSWERS
Which of the following families of controls belong to the technical class of controls?
CORRECT ANSWER: Identification and Authentication

Which of the following is a management strategy for addressing risk?
CORRECT ANSWER: Accept

Cyber risk management solutions are typically done through which categories of security controls?
CORRECT ANSWER: Technical, Physical, Administrative

There are agreements organizations may enter into where one party is willing to accept an amount of risk from another. That transfer is a strategy for managing risk.
CORRECT ANSWER: TRUE

Which security principle is concerned with the unauthorized modification of important or sensitive information?
CORRECT ANSWER: Integrity

Simulating attack from a malicious source could be part of penetration testing.
CORRECT ANSWER: TRUE

Which of the following is an example of a physical control?
CORRECT ANSWER: Security guard

Incident response planning phase 1 (preparation) calls for:
CORRECT ANSWER: Not B or C

The inputs (threat source motivation, threat capacity, nature of vulnerability, and current controls) will aid in generating output used in which step of the NIST SP risk assessment guidance?
CORRECT ANSWER: Likelihood Determination

The threat-source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability. Which likelihood rating does this describe?
CORRECT ANSWER: Medium

Which technical control places publicly accessible servers in a special network separated from the internal network?
CORRECT ANSWER: De-Militarized Zone

Establishing the context and providing common perspective on how organizations manage risk is the goal of:
CORRECT ANSWER: Risk Framing

Written for
- Institution: FEDVTE
- Course: FEDVTE
Document information
- Uploaded on: December 31, 2022
- Number of pages: 5
- Written in: 2022/2023
- Type: Exam (elaborations)
- Contains: Questions & answers