Which of the following activities is/are involved in security planning?
* Select all that apply.
A: Recover the business functions
B: Determine the controls to implement
C: Assess the current state
D: Develop a timetable - Answers B, C, D
_______________ is a way to assess cybersecurity risks when developing large-scale computer systems.
A: Information Security Insurance
B: Business Continuity Planning
C: Risk Management Framework
D: Digital Forensics - Answers C: Risk Management Framework
Which of the following statements is/are correct about internal support systems in the context of physical security?
* Select all that apply.
A: Internal support systems refer to the resources within a facility that are necessary for the information systems to function properly.
B: Internal support systems include power control systems such as electric wiring, circuit breakers, backup batteries, etc.
C: Internal support systems include environmental control systems such as HVAC, dehumidifier, etc.
D: Internal support systems include fire control systems such as smoke detectors and fire suppressors. - Answers ...
Which of the following statements about risk analysis is/are correct?
* Select all that apply.
A: You need to establish 1-to-1 mappings between the risks and controls.
B: A risk matrix shows if an asset is subject to certain types of attacks.
C: An attack matrix identifies potential attacks that can be launched by various threat agents along the major attack types.
D: An infosec control's return on investment (ROI) is the product of single loss expectancy (SLE) and annual rate of occurrence (ARO). - Answers B, C
We are estimating the impact of an individual attack. Which of the following has the greatest threat severity (estimated impact)?
A: An attack with a $5000 loss that could happen once a year
B: An attack with a $2000 loss that could happen twice a year
C: An attack with a $400 loss that could happen once a month
D: An attack with a $100 loss that could happen once a week. - Answers D
Which of the following is NOT included in the 4 risk handling strategies?
A: Transfer
B: Mitigate
C: Deny
D: Accept - Answers not A
True or False?
The best environment design for physical security is a design based on the CPTED approach supplemented with some target-hardening design elements. - Answers T
Imagine that you own a small business. You want to manage infosec risks systematically, but