and Correct Answers 2025
A(n) disaster recovery plan dictates the actions an organization can and perhaps should take while an incident is in progress. - CORRECT ANSWER-False
Internal benchmarking can provide the foundation for baselining. - CORRECT ANSWER-False
Each of the threats faced by an organization must be examined to assess its potential to endanger the organization and this examination is known as a threat profile. - CORRECT ANSWER-False
Some argue that it is virtually impossible to determine the true value of information and information-bearing assets. - CORRECT ANSWER-True
Protocols are activities performed within the organization to improve security. - CORRECT ANSWER-False
Security efforts that seek to provide a superior level of performance in the protection of information are referred to as best business practices. - CORRECT ANSWER-True
Best business practices are often called recommended practices. - CORRECT ANSWER-True
Risk evaluation assigns a risk rating or score to each information asset. - CORRECT ANSWER-False
Major risk is a combined function of (1) a threat less the effect of threat-reducing safeguards, (2) a vulnerability less the effect of vulnerability-reducing safeguards, and (3) an asset less the effect of asset value-reducing safeguards. - CORRECT ANSWER-False
Qualitative-based measures are comparisons based on numerical standards, such as numbers of successful attacks. - CORRECT ANSWER-False
Eliminating a threat is an impossible proposition. - CORRECT ANSWER-False
A(n) exposure factor is the expected percentage of loss that would occur from a particular attack. - CORRECT ANSWER-True
One problem with benchmarking is that there are many organizations that are identical. - CORRECT ANSWER-False
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts. - CORRECT ANSWER-True
CBAs cannot be calculated after controls have been functioning for a time. - CORRECT ANSWER-False
Once the organizational threats have been identified, an assets identification process is undertaken. - CORRECT ANSWER-False
Benefit is the value that an organization realizes by using controls to prevent losses associated with a specific vulnerability. - CORRECT ANSWER-True
The results from risk assessment activities can be delivered in a number of ways: a report on a systematic approach to risk control, a project-based risk assessment, or a topic-specific risk assessment. - CORRECT ANSWER-True
When the organization is pursuing an overall risk management program, it requires a(n) systematic report that enumerates the opportunities for controlling risk. - CORRECT ANSWER-True
The general management of an organization must structure the IT and information security functions to defend the organization's information assets. - CORRECT ANSWER-True
A(n) qualitative assessment is based on characteristics that do not use numerical measures. - CORRECT ANSWER-True
You should adopt naming standards that do not convey information to potential system attackers. - CORRECT ANSWER-True
The most common of the mitigation procedures is the disaster recovery plan. - CORRECT ANSWER-True