Which statement describes a cybersecurity risk?

It is the probability of loss due to a threat

It is a weakness in information systems

It is a threat which causes loss of assets

It is the damage incurred by an event which causes disruption of network services

Which statement describes the Cyber Kill Chain?

It identifies the steps that adversaries must complete to accomplish their goals.

It specifies common TCP/IP protocols used to fight against cyberattacks

It is a set of metrics designed to create a way to describe security incidents in a structured and repeatable way

It uses the OSI model to describe cyberattacks at each of the seven layers

What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?

It details how incidents should be handled based on the organizational mission and functions

It provides a roadmap for maturing the incident response capability

It provides metrics for measuring the incident response capability and effectiveness

It defines how the incident response teams will communicate with the rest of the organization and with other organizations

Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?

Develop metrics for measuring the incident response capability and its effectiveness

Detail how incidents should be handled based on the mission and functions of an organization

Create an organizational structure and definition of roles, responsibilities, and levels of authority

Prioritize severity ratings of security incidents

What is a MITRE ATT&CK framework?

A knowledge base of threat actor behavior

A collection of malware exploits and prevention solutions

Guidelines for the collection of digital evidence

Documented processes and procedures for digital forensic analysis

Which two actions can help identify an attacking host during a security incident? (Choose two.)

Use an Internet search engine to gain additional information about the attack

Validate the IP address of the threat actor to determine if it is viable

Log the time and date that the evidence was collected and the incident remediated

Determine the location of the recovery and storage of all evidence

Develop identifying criteria for all evidence such as serial number, hostname, and IP address

A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)

Who is responsible for the process

Where does the individual perform the process?

Does the process require approval?

How long does the process take?

After containing an incident that infected user workstations with malware, what are three effective remediation procedures that an organization can take for eradication? (Choose three.)

Update and patch the operating system and installed software of all hosts.

Rebuild hosts with installation media if no backups are available

Use clean and recent backups to recover hosts

Change assigned names and passwords for all devices.

Rebuild DHCP servers using clean installation media.

MCyber_Chap26N27

Professional Development

•

23 Qs

Similar activities

STS 101 - Short PRETEST Activity

Professional Development

•

20 Qs

MANTENIMIENTO MOTORES DIESEL

Professional Development

•

20 Qs

Ai & Academic Ethics

Professional Development

•

20 Qs

Women-in-Tek 2025 Assessment

Professional Development

•

20 Qs

MODERN AI QUIZ 2

Professional Development

•

20 Qs

Test: Citlivostní analýza a Dynamické funkce

Professional Development

•

18 Qs

Refresh your knowledge in DE

Professional Development

•

18 Qs

ASESMEN AWAL SOSMED

Professional Development

•

25 Qs

MCyber_Chap26N27

Quiz

•

Information Technology (IT)

•

Professional Development

•

Practice Problem

•

Hard

Marcus Phang

FREE Resource

23 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Exposure factor

Hardware

Quantitative

Qualitative

Answer explanation

Physical items can be assigned a value for quantitative analysis.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Corrective

Frame the risk

Monitor the risk.

Respond to the risk.

Assess the risk

Answer explanation

Risk management is a formal process that reduces the impact of threats and vulnerabilities. The process involves four general steps:
1) Frame the risk – Identify the threats throughout the organization that increase risk.
2) Assess the risk – Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses.
3) Respond to the risk – Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat.
4) Monitor the risk – Continuously review risk reductions due to elimination, mitigation and transfer actions.

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

20 questions

Project Retrospectives

Quiz

•

Professional Development

20 questions

React Redux

Quiz

•

Professional Development

21 questions

De datos a decisiones

Quiz

•

Professional Development

24 questions

SDLC2.0 Solution Release Doc -Quiz #1.1

Quiz

•

Professional Development

25 questions

Quiz on RAM and Storage Devices

Quiz

•

Professional Development

25 questions

Quizz Segurança e conformidade AWS

Quiz

•

Professional Development

27 questions

Cybersecurity Core Functions-QUIZ

Quiz

•

Professional Development

20 questions

AV2 - INFORMÁTICA BÁSICA E MANUTENÇÃO DE MICROS

Quiz

•

Professional Development

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Information Technology (IT)

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

20 questions

Disney Characters

Quiz

•

Professional Development

20 questions

Customer Service

Quiz

•

Professional Development

10 questions

Food Idioms

Quiz

•

Professional Development

20 questions

NCCER Power Tools Quiz

Quiz

•

Professional Development

MCyber_Chap26N27

23 questions

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Physical items can be assigned a value for quantitative analysis.

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Organizations will implement corrective access controls after a system experiences a threat.
Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Which type of security control includes backup and restore operations, as well as fault-tolerant data storage?

Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

Buying insurance transfers the risk to a third party.

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.

Which access control should the IT department use to restore a system back to its normal state?

Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

What is the first step in the risk management process that helps to reduce the impact of threats and vulnerabilities?

A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

Which statement describes a cybersecurity risk?

Risk is the probability of loss due to a threat that damages information systems or organizational assets.
Vulnerability is a weakness in information systems.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

MCyber_Chap26N27

23 questions

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Physical items can be assigned a value for quantitative analysis.

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Organizations will implement corrective access controls after a system experiences a threat. Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Which type of security control includes backup and restore operations, as well as fault-tolerant data storage?

Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

Buying insurance transfers the risk to a third party.

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.

Which access control should the IT department use to restore a system back to its normal state?

Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

What is the first step in the risk management process that helps to reduce the impact of threats and vulnerabilities?

A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

Which statement describes a cybersecurity risk?

Risk is the probability of loss due to a threat that damages information systems or organizational assets. Vulnerability is a weakness in information systems.

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Organizations will implement corrective access controls after a system experiences a threat.
Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Risk is the probability of loss due to a threat that damages information systems or organizational assets.
Vulnerability is a weakness in information systems.