CISM Domain 2: Information Security Risk Management Practice Questions and Answers (100% Pass)

CISM Domain 2: Information Security Risk Management Practice Questions and Answers (100% Pass) What is the formula to calculate Risk? - Answer️️ -Risk = Threat * Vulnerability - This is a qualitative analysis of risk to our assets - You need to identify your assets before calculating the risk of operating them What is the Risk Management lifecycle? - Answer️️ -- IT Risk Identification - IT Risk Assessment - Risk Response and Mitigation - Risk and Control Monitoring and Reporting What is the formula to calculate how bad the risk will be? - Answer️️ -Risk = Threat * Vulnerability * Impact What is the formula to calculate Total Risk? - Answer️️ -Total Risk = Threat * Vulnerability * Asset Value What is the formula to calculate Residual Risk? - Answer️️ -Residual Risk = Total Risk - Countermeasures ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 2 What is Qualitative Risk Analysis? - Answer️️ -How likely is a risk to happen and how bad is the impact if it does happen? - This is feeling based analysis What is Quantitative Risk Analysis? - Answer️️ -What will a risk cost us if it's to happen? - This is fact based analysis What is a Risk Analysis Matrix? - Answer️️ -A visual representation of risk organized by likelihood (rare to certain) and consequences (insignificant to catastrophic). What is a Risk Register? - Answer️️ -A spreadsheet used to categorize and group risk in columns by name, risk #, probability, impact, mitigation, contingency, and residual risk score. What is Asset Value (AV)? - Answer️️ -How much an asset is worth. What is Exposure Factor (EF)? - Answer️️ -The percentage of the asset loss. What is Single Loss Expectancy (SLE)? - Answer️️ -How much would it cost if it happened once. ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 3 What is the formula to calculate Single Loss Expectancy (SLE)? - Answer️️ -SLE = AV * EF What is Annual Rate of Occurrence (ARO)? - Answer️️ -How often something will happen each year. What is Annual Loss Expectancy (ALE)? - Answer️️ -What it costs per year if we do nothing. What is Total Cost of Ownership (TCO)? - Answer️️ -The cost of owning and operating something. What is the formula for Total Cost of Ownership (TCO)? - Answer️️ -Upfront cost + mitigation cost + operational cost What is Secondary Risk? - Answer️️ -What you get when you mitigate one risk and unintentionally open up another risk. What are the steps to NIST 800-30? - Answer️️ -The 9-step process for Risk Management. 1. System Characterization (risk scope, system/data sensitivity) 2. Threat Identification (threats to system) ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 4 3. Vulnerability Identification (vulnerabilities to system) 4. Control Analysis (analysis of current/planned safeguards) 5. Likelihood Determination (qualitative) 6. Impact Analysis (qualitative, how bad would the impact be) 7. Risk Determination (look at 5-6 and determine risk and risk levels) 8. Control Recommendations (mitigations) 9. Results Documentation (documentations w/ facts and recommendations) What are the phases of Risk Management? - Answer️️ -1. IT Risk Identification 2. IT Risk Assessment 3. Risk Response and Mitigation 4. Risk and Control Monitoring and Reporting What is Baseband? - Answer️️ -Networks that have one channel can only send one signal at a time. What is Broadband? - Answer️️ -Networks that have multiple channels can send and receive multiple signals at a time. ©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM 5 This is what Ethernet is. What is Extranet? - Answer️️ -Connections between private intranets, often connecting business partners' intranets. What is Circuit Switching? - Answer️️ -Expensive, always available, used less often. - A dedicated comm channel through the network that guarantees the