19. The only use of the acceptance strategy that is recognized as valid by industry practices occurs when the organization has done all but which of the following?

c. Determined that the costs to control the risk to an information asset are much lower than the benefit gained from the information asset

a. Determined the level of risk posed to the information asset

b. Performed a thorough cost-benefit analysis

d. Assessed the probability of attack and the likelihood of a successful exploitation of a vulnerability

21. Which of the following is NOT a valid rule of thumb on risk control strategy selection?

c. When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain, by using technical or operational controls.

a. When a vulnerability exists: Implement security controls to reduce the likelihood of a vulnerability being exploited.

b. When a vulnerability can be exploited: Apply layered protections, architectural designs, and administrative controls to minimize the risk or prevent the occurrence of an attack.

d. When the potential loss is substantial: Apply design principles, architectural designs, and technical and nontechnical protections to limit the extent of the attack, thereby reducing the potential for loss.

23. By multiplying the asset value by the exposure factor, you can calculate which of the following?

a. annualized cost of the safeguard

24. What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?

d. annualized rate of occurrence

26. The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?

c. evaluating alternative strategies

d. measuring program effectiveness

27. What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?

b. quantitative valuation of safeguards

c. subjective prioritization of controls

30. Which of the following is not a step in the FAIR risk management framework?

a. identify scenario components

b. evaluate loss event frequency

COSC 4361 Chapter 7

Quiz

•

others

•

Practice Problem

•

Medium

Kyla Daye

Used 1+ times

FREE Resource

True

False - baseline

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

33 questions

Module G Unit 1 - The Universe TEST REVIEW

Quiz

•

KG - University

31 questions

Lab Safety "Review"

Quiz

•

KG - University

37 questions

EOUT - 9.1 Cybersecurity

Quiz

•

8th Grade

32 questions

Year-End Exam （論表II）比較級・最上級

Quiz

•

8th Grade

35 questions

Sun-Moon-Earth Test Review

Quiz

•

KG - University

36 questions

(Bourque) CP Pronoun Review

Quiz

•

9th - 12th Grade

32 questions

Exploring Cells and Body Systems

Quiz

•

6th Grade - University

33 questions

Chapter 14

Quiz

•

12th Grade

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

Discover more resources for others

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

54 questions

Analyzing Line Graphs & Tables

Quiz

•

4th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

COSC 4361 Chapter 7

35 questions

1. Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.

2. The defense risk control strategy may be accomplished by outsourcing to other organizations.

3. The criterion most commonly used when evaluating a strategy to implement InfoSec controls and safeguards is economic feasibility.

4. Unlike other risk management frameworks, FAIR relies on the qualitative assessment of many risk components using scales with value ranges.

5. The ISO 27005 Standard for InfoSec Risk Management includes a five-stage management methodology; among them are risk treatment and risk communication.

6. The risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards is the protect risk control strategy, also known as the avoidance strategy.

7. A benchmark is derived by comparing measured actual performance against established standards for the measured category.

8. A benchmark is derived by comparing measured actual performance against established standards for the measured category.

9. The risk control strategy that attempts to shift risk to other assets, other processes, or other organizations is known as the defense risk control strategy.

10. An examination of how well a particular solution is supportable given the organization's current technological infrastructure and resources, which include hardware, software, networking, and personnel is known as operational feasibility.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for others