1. Which of the following best describes "risk mitigation"?
• A) Ignoring potential risks
• B) Implementing strategies to reduce risk impact or likelihood
• C) Transferring risk to a third party
• Answer: B) Implementing strategies to reduce risk impact or likelihood
• Explanation: Risk mitigation involves taking steps to lessen the severity or likelihood of identified risks through various controls.
2. What is a key objective of conducting a risk assessment?
• A) To eliminate all risks
• B) To understand and prioritize risks to allocate resources effectively
• C) To increase company profits
• Answer: B) To understand and prioritize risks to allocate resources effectively
• Explanation: Risk assessments help organizations identify and prioritize risks, enabling them to allocate resources where they are most needed.
3. Which of the following is a risk transfer strategy?
• A) Implementing stronger authentication measures
• B) Purchasing cyber liability insurance
• C) Conducting employee training
• Answer: B) Purchasing cyber liability insurance
• Explanation: Risk transfer involves shifting the financial burden of a risk to another party, such as through insurance.
4. What is the purpose of a "risk register"?
• A) To document and track identified risks
• B) To list employee performance evaluations
• C) To store financial records
• Answer: A) To document and track identified risks
• Explanation: A risk register is a tool used to record identified risks, their assessment, and the strategies planned to mitigate them.
5. What does "impact analysis" focus on in the risk management process?
• A) Evaluating the costs of implementing security controls
• B) Assessing the consequences of a risk event on business operations
• C) Determining the likelihood of a risk occurring
• Answer: B) Assessing the consequences of a risk event on business operations
• Explanation: Impact analysis evaluates how a risk event could affect business operations, helping prioritize mitigation strategies.
6. Which of the following is a common qualitative risk assessment technique?
• A) Numerical scoring
• B) Expert judgment
• C) Cost-benefit analysis
• Answer: B) Expert judgment
• Explanation: Qualitative assessments often rely on expert opinions and subjective evaluations rather than numerical data.
7. What is the first step in the risk management lifecycle?
• A) Risk mitigation
• B) Risk assessment
• C) Risk identification
• Answer: C) Risk identification
• Explanation: Identifying risks is the foundational step, which allows organizations to understand their risk landscape before taking further action.
8. What is a "vulnerability assessment"?
• A) A process to identify weaknesses in systems and networks
• B) A financial review of organizational assets
• C) A study of employee performance
• Answer: A) A process to identify weaknesses in systems and networks
• Explanation: A vulnerability assessment aims to identify and evaluate weaknesses in systems to inform mitigation strategies.
9. Which approach is taken when an organization accepts the consequences of a risk?
• A) Risk avoidance
• B) Risk acceptance
• C) Risk transfer
• Answer: B) Risk acceptance
• Explanation: Risk acceptance involves recognizing a risk and deciding to live with its consequences, often used when the risk is deemed manageable.
10. What is a "contingency plan"?
• A) A plan for regular business operations
• B) A predefined set of actions to take in response to a risk event
• C) A budget for security improvements
• Answer: B) A predefined set of actions to take in response to a risk event