Controlling Cybersecurity Risk Chapter Exam

Exam Instructions:

Choose your answers to the questions and click 'Next' to see the next set of questions. You can skip questions if you would like and come back to them later with the yellow "Go To First Skipped Question" button. When you have completed the practice exam, a green submit button will appear. Click it to see your results. Good luck!

Page 1

Question 1. What is the aim of mitigation as a risk response strategy?

Question 2. Which of the following is NOT a risk response strategy for a positive risk?

Question 3. Which risk response strategy for a positive risk is opposite to the avoidance strategy for a negative risk?

Question 4. Risks that have a high probability of occurrence and a high financial impact should be ranked _____ a risk that has a low probability of occurrence and a low financial impact.

Question 5. When a firm chooses not to pursue an activity for fear of a loss, they are practicing _____.

Page 2

Question 6. Risk management is the process of identifying and assessing risks, _____, implementing and evaluating controls to reduce the impact of risks.

Question 7. In the example used in this lesson, what is the MAIN reason testing the whole population for horribilitis is not a good idea?

Question 8. Which of the following is not necessary information for a risk-benefit analysis?

Question 9. In which of the following fields are risk-benefit analyses most common?

Question 10. How does ISO 27005 differ from other publications like NIST SP 800-30?

Page 3

Question 11. The review stage of the risk management framework should be _____.

Question 12. Why might a company accept a risk during the five-step framework?

Question 13. When an organization purchases insurance, what is the risk mitigation strategy that they are using?

Question 14. If the management decides to proceed with a strategy without putting in additional internal controls or finding a way to share the risk, what risk mitigating strategy are they using?

Question 15. If the management decides NOT to pursue a course of action because of the potential harm to the organization, what risk mitigation strategy are they using?

Page 4

Question 16. This approach to defense risk control strategy may come in the form of complex passwords or access control measures:

Question 17. What does it mean to try to implement risk defense measures through policy?

Question 18. Which of these words is most synonymous with defense risk control strategy?

Question 19. A business might seek to implement a transference risk control strategy for all of the following reasons EXCEPT which?

Question 20. Which of these is a necessary component of transference risk control strategy?

Page 5

Question 21. How does risk transference work?

Question 22. A project manager will have to deal with ripple effects from subcontractors and their timelines when she or he chooses what method of managing risk?

Question 23. If a project manager must meet a tight deadline and decides to add employees, she or he is engaging in what method to manage the risk of missing the deadline?

Question 24. When adding resources to a project and having employees work overtime are not effective, what other ways do we have to manage risk as it is happening?

Question 25. Who is in charge of distributing the questions, consolidating the replies and leading all Delphi technique discussions?

Page 6

Question 26. What is the Delphi technique mainly used for?

Question 27. Which of the following is NOT a drawback of the Delphi technique?

Question 28. What is the first step of the risk management process?

Question 29. The process of determining a control's effectiveness at reducing or minimizing the risk is what stage of the risk management process?

Question 30. In terms of risk-benefit analysis, why do we get into cars every day, even though they're dangerous?
