When would it make sense to spend $$50,000 to protect an asset worth $$ 10,000?

It would never make sense to spend $$50,000 to protect an asset worth $$ 10,000.

A risk manager is contemplating risk treatment options for a particularly large risk that exceeds the organization’s stated risk tolerance. How should risk treatment proceed?

The risk manager should escalate the decision to executive management.

The risk should be divided into smaller risks.

The risk manager is empowered to make the risk treatment decision.

The risk should be put on hold.

A cybersecurity leader is recording a decision to accept a particular risk. What, if anything, should the cybersecurity leader do in regard to this accepted risk?

Queue the accepted risk to be redeliberated in one year.

Consider the risk to be accepted in perpetuity.

Convert the accepted risk to a residual risk.

Perform a risk analysis to confirm risk acceptance.

A risk manager is documenting a newly identified risk in the risk register and has identified the department head as the risk owner. The department head has instructed the risk manager to identify one of the lower level managers in the department as the risk manager. What has the department head done in this situation?

Delegated risk ownership to the lower level manager

Abdicated his risk ownership responsibility

When faced with a particularly high risk, executive management has decided to outsource the business operation associated with the risk. A legal agreement identifies that the outsourcer accepts operational risks. What becomes of the accountability associated with the risk?

Accountability remains with executive management.

Accountability is transferred to the outsourcer.

Accountability is reduced by the amount of the risk.

Accountability is transferred to the board of directors

Risk Management 2

Authored by Elankayer Sithirasenan

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A gaming software start-up company does not employ penetration testing of its software. This is an example of:

High tolerance of risk

Noncompliance

Irresponsibility

Outsourcing

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The categories of risk treatment are:

Risk avoidance, risk transfer, risk mitigation, and risk acceptance

Risk avoidance, risk transfer, and risk mitigation

Risk avoidance, risk reduction, risk transfer, risk mitigation, and risk acceptance

Risk avoidance, risk treatment, risk mitigation, and risk acceptance

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The protective measure reduces threat impact by more than 90 percent.

The asset was required for realization of $500,000 in monthly revenue.

The protective measure reduced threat probability by more than 90 percent.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security steering committee empowered to make risk treatment decisions has chosen to accept a specific risk. What is the best course of action?

Refer the risk to a qualified external security audit firm.

Perform additional risk analysis to identify residual risk.

Reopen the risk item for reconsideration after one year.

Mark the risk item as permanently closed

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The responsibilities of a control owner include all of the following, except

Review the control.

Audit the control.

Document the control.

Maintain records for the control.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Accountability for the outcome of accepted risk is known as:

Risk acceptance

Risk transfer

Risk treatment

Risk ownership

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A risk committee has formally decided that a specific risk is to be mitigated through the enactment of a specific type of control. What has the committee done?

Risk acceptance

Risk treatment

Redefined risk tolerance

Redefined risk appetite

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

15 questions

Emerging Tech

Quiz

•

Professional Development

10 questions

Software Security

Quiz

•

University - Professi...

15 questions

BJT - BASICS

Quiz

•

Professional Development

18 questions

Collocation

Quiz

•

Professional Development

12 questions

Maslow's theory test

Quiz

•

Professional Development

20 questions

contract law 3-elements

Quiz

•

Professional Development

10 questions

Tools of KPI

Quiz

•

Professional Development

20 questions

Module 3 unit 5 Using File System

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

2 Step Word Problems

Quiz

•

KG - University

20 questions

Comparing Fractions

Quiz

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

10 questions

Latin Bases claus(clois,clos, clud, clus) and ped

Quiz

•

6th - 8th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

7 questions

The Story of Books

Quiz

•

6th - 8th Grade

Discover more resources for Professional Development

10 questions

How to Email your Teacher

Quiz

•

Professional Development

Risk Management 2

A gaming software start-up company does not employ penetration testing of its software. This is an example of:

The categories of risk treatment are:

A security steering committee empowered to make risk treatment decisions has chosen to accept a specific risk. What is the best course of action?

The responsibilities of a control owner include all of the following, except

Accountability for the outcome of accepted risk is known as:

A risk committee has formally decided that a specific risk is to be mitigated through the enactment of a specific type of control. What has the committee done?

A risk committee has formally decided to mitigate a specific risk. Where should this decision be documented?

A risk manager is contemplating risk treatment options for a particularly large risk that exceeds the organization’s stated risk tolerance. How should risk treatment proceed?

A cybersecurity leader is recording a decision to accept a particular risk. What, if anything, should the cybersecurity leader do in regard to this accepted risk?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development