AWR-177 Module 4 Questions And Answers With Complete Solutions 100% Correct Answers
___________________ are key to completing a full risk management plan, since the tolerances will determine which hazards may be accepted versus those risk events that need to be limited. - Answer: Stakeholder tolerance levels

Which three of the following are considered to be questions or testing methods for host network vulnerabilities during vulnerability analysis? - Answer: a. Use of intrusion detection and protection b. WPA use for wireless networks c. Access limitation to known devices

A relative scale is used in the qualitative risk quantification process, while a currency scale is used in the ____________ risk quantification process. - Answer: Quantitative

Hazard probabilities, asset vulnerabilities and threat impact are all aspects of _________________. - Answer: Risk quantification

The goal of risk quantification is to produce a list of risks that can be segregated as: - Answer: NOT: All of the above

Which of the following would be considered a root cause of a fire threat? - Answer: Storing flammable cleaning agents

The FIPS 199 impact analysis scale considers impacts in relation to the loss of three security goals. Which of the following is one of the security goals examined by the FIPS 199 standard? - Answer: Integrity

The ISO/IEC 27002:2005 standard is a code of practice for information security management, containing security controls and practices. What is its function? - Answer: To help establish or improve an organization's information security management program

Which is the correct equation for quantitative risk quantification? - Answer: EMV = probability * vulnerability * impact

Risk tolerance involves both risk attitude and risk capacity. Risk attitude refers to the organization's _______________________, while risk capacity describes the maximum amount of risk that the organization can assume. - Answer: Willingness to incur risk

Risk grading uses what two factors to determine the severity of a hazard? - Answer: NOT: Vulnerability and impact

Which of the following is NOT used for determining asset vulnerability? - Answer: NOT: Questionnaires

According to the classification of hazards, a black hat hacker would be classified as a ________________. - Answer: Malicious human hazard

Which of the following is considered a business risk? - Answer: Investments in stock

Which of the following is the formula used for the Failure Mode and Effects Analysis risk quantification method? - Answer: Risk Priority Number = Severity * Likelihood of Occurrence * Detection Inability

Which of the following is a method for determining hazard likelihood or probability? - Answer: All of the above

Questionnaires, walkthroughs, and penetration testing are all commonly-used methods of determining ________________. - Answer: Asset vulnerability

The FIPS 199 impact analysis scale considers impacts in relation to the loss of which three security goals? (Select the three correct answers) - Answer: a. Integrity c. Confidentiality d. Availability

The ISO/IEC 27002:2005 standard is a code of practice for information security management, containing security ________________ to help establish or improve an organization's information security management program. - Answer: Controls and practices

Which of the following is NOT a goal of risk quantification? - Answer: Determining threat stakeholders

According to the classification of hazards, an unlocked door is considered to be a(n) _________________. - Answer: Non-malicious human hazard

Which of the following is NOT a method for determining hazard likelihood or probability? - Answer: Asset vulnerability

A key factor in risk quantification is ___________. - Answer: Asset vulnerabilities

In the formula for the Failure Mode and Effects Analysis risk quantification method, the rated variables (such as severity) range from _______________. The resulting Risk Priority Number ranges from 1 to 1000. - Answer: 1 to 10

One risk quantification method compares and examines two factors - impact and probability (likelihood) - to determine the severity of a hazard. What is this method? - Answer: NOT: Risk grading; NOT: Risk scenarios

Written for
- Institution: AWR-177 Module 4
- Course: AWR-177 Module 4
Document information
- Uploaded on: May 11, 2024
- Number of pages: 3
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers