Management UPDATED ACTUAL Exam
Questions and CORRECT Answers
Which of the following families of controls belong to the technical class of controls? -
CORRECT ANSWER - Identification and Authentication
Which of the following is a management strategy for addressing risk? - CORRECT
ANSWER - Accept
Cyber risk management solutions are typically done through which categories of security
controls? - CORRECT ANSWER - Technical, Physical, Administrative
There are agreements organizations may enter into where one party is willing to accept an
amount of risk from another. That transfer is a strategy for managing risk. - CORRECT
ANSWER - TRUE
Which security principle is concerned with the unauthorized modification of important or
sensitive information? - CORRECT ANSWER - Integrity
Simulating attack from a malicious source could be part of penetration testing. - CORRECT
ANSWER - TRUE
Which of the following is an example of a physical control? - CORRECT ANSWER -
Security guard
Incident response planning phase 1 (preparation) calls for: - CORRECT ANSWER - Not B
or C
, The inputs (threat source motivation, threat capacity, nature of vulnerability, and current
controls) will aid in generating output used in which step of the NIST SP risk assessment
guidance? - CORRECT ANSWER - Likelihood Determination
The threat-source is motivated and capable, but controls are in place that may impede successful
exercise of the vulnerability. Which likelihood rating does this describe? - CORRECT
ANSWER - Medium
Which technical control places publicly accessible servers in a special network separated from
the internal network? - CORRECT ANSWER - De-militarized Zone
Establishing the context and providing common perspective on how organizations manage risk is
the goal of: - CORRECT ANSWER - Risk Framing
In the event of a major disaster, which of the following is a fully equipped alternate site,
requiring the shortest setup time to resume full business operations? - CORRECT
ANSWER - Hot
Methods of response for managing risks are: - CORRECT ANSWER - Accept, Transfer,
Mitigate, Avoid
All of the following business assets have threats that would be included for consideration as a
part of threat analysis EXCEPT: - CORRECT ANSWER - All of the above would be
included
The threat source is highly motivated and sufficiently capable, and controls to prevent the
vulnerability from being exercised are ineffective. Which likelihood rating does this describe? -
CORRECT ANSWER - High
Which tier of risk management is associated with Enterprise Architecture? - CORRECT
ANSWER - Not A or D