HS 155 (EXAM 1. Chapter 5) Questions With
Complete Answers
is the comparison of past security activities and events against the organization's current
performance - ANSWER false
Exposure factor is the expected percentage of loss that would occur from a particular
attack. - ANSWER true
In a cost-benefit analysis, a single loss expectancy (SLE) is the calculated value associated
with the most likely loss from an attack; the SLE is the product of the asset's value and
the annualized loss expectancy. - ANSWER false
If the acceptance strategy is used to handle every vulnerability in the organization, its
managers may be unable to conduct proactive security activities and may portray an
apathetic approach to security in general. - ANSWER true
The mitigation control strategy attempts to reduce the impact of a successful attack
through planning and preparation. - ANSWER true
The defense control strategy is the risk control strategy that attempts to eliminate or
reduce any remaining uncontrolled risk through the application of additional controls
and safeguards, but it is not the preferred approach to controlling risk. - ANSWER false
When determining the relative importance of each asset, refer to the organization's
mission statement or statement of objectives to determine which elements are essential,
which are supportive, and which are merely adjuncts. - ANSWER true
Residual risk is the risk that has not been removed, shifted, or planned for after
vulnerabilities have been completely resolved. - ANSWER false
You should adopt naming standards that do not convey information to potential system
attackers. - ANSWER true
Loss event frequency is the combination of an asset's value and the percentage of it that
might be lost in an attack. - ANSWER false
Likelihood is the probability that a specific vulnerability within an organization will be the
target of an attack. - ANSWER true
Risk acceptance defines the quantity and nature of risk that organizations are willing to
accept as they evaluate the trade-offs between perfect security and unlimited
accessibility. - ANSWER false
The value of information to the organization's competition should influence the asset's
valuation. - ANSWER true
In addition to their other responsibilities, the three communities of interest are
responsible for determining which control options are cost effective for the organization.