Answer Key
APPENDIX
CHAPTER 1 Risk Management Fundamentals
1. D 2. B 3. A 4. A and C 5. intangible value 6. control 7. B 8. D 9. CVE 10. A 11. CBA, or cost-benefit analysis 12. transfer 13. A, B, and C 14. D 15. C
CHAPTER 2 Managing Risk: Threats, Vulnerabilities, and Exploits
1. D 2. A 3. B 4. C 5. D 6. C 7. B 8. A 9. A 10. E 11. A 12. C 13. C 14. the MITRE Corporation 15. A
CHAPTER 3 Understanding and Maintaining Compliance
1. C 2. D 3. A 4. C 5. B 6. A 7. D 8. A 9. C 10. A 11. B 12. C 13. D 14. 5 15. D
CHAPTER 4 Developing a Risk Management Plan
1. E 2. E 3. D 4. C 5. B 6. A 7. A and B 8. B 9. D 10. A 11. C 12. A 13. C 14. B 15. C
CHAPTER 5 Defining Risk Assessment Approaches
1. E 2. Exposure factor (EF) 3. B 4. quantitative 5. C 6. A 7. B 8. qualitative 9. quantitative 10. B 11. quantitative 12. qualitative 13. D 14. A and B 15. E
CHAPTER 6 Performing a Risk Assessment
1. C 2. E 3. E 4. B 5. D 6. A 7. administrative 8. technical 9. physical 10. C 11. A 12. B 13. B 14. C 15. B
CHAPTER 7 Identifying Assets and Activities to Be Protected
1. A 2. B 3. E 4. E 5. job 6. E 7. C 8. A 9. D 10. mission-critical 11. B 12. A 13. B 14. C 15. A
CHAPTER 8 Identifying and Analyzing Threats, Vulnerabilities, and Exploits
1. natural 2. A 3. C 4. A, B, C, and D 5. D 6. vulnerability 7. C 8. C 9. A 10. D 11. access controls 12. D 13. A 14. C 15. A
CHAPTER 9 Identifying and Analyzing Risk Mitigation Security Controls
1. control, or countermeasure 2. A 3. C 4. B 5. D 6. access 7. C 8. C 9. A 10. D 11. certificate authority (CA) 12. D 13. A 14. B 15. B
CHAPTER 10 Planning Risk Mitigation Throughout an Organization
1. business impact analysis (BIA) 2. B 3. C 4. B 5. D 6. $22 million; 4 percent 7. C 8. C 9. D 10. B 11. A 12. C 13. A 14. B 15. B
CHAPTER 11 Turning a Risk Assessment into a Risk Mitigation Plan
1. in-place 2. A 3. Threat × Vulnerability 4. E 5. A 6. mitigation 7. E 8. C 9. C 10. B 11. A 12. C 13. C 14. F 15. B
CHAPTER 12 Mitigating Risk with a Business Impact Analysis
1. maximum acceptable outage (MAO) 2. B 3. business continuity plan (BCP) 4. D 5. C and D 6. indirect 7. D 8. C 9. B 10. C 11. B 12. A 13. D 14. D 15. B
CHAPTER 13 Mitigating Risk with a Business Continuity Plan
1. BCP, or business continuity plan 2. B 3. scope 4. C 5. D 6. BCP coordinator 7. A 8. C 9. D 10. B 11. A 12. C 13. C 14. A, B, and D 15. A
CHAPTER 14 Mitigating Risk with a Disaster Recovery Plan
1. disaster recovery plan (DRP) 2. A 3. B 4. critical success factor (CSF) 5. D 6. D 7. off-site 8. A 9. C 10. B 11. C 12. D 13. B 14. D 15. B
CHAPTER 15 Mitigating Risk with a Computer Incident Response Team Plan
1. computer incident or computer security incident 2. B 3. denial of service (DoS) or distributed DoS (DDoS) 4. B 5. D 6. D 7. C 8. B 9. D 10. C 11. B 12. B 13. E 14. C 15. a Trojan horse