Which statement describes a cybersecurity risk?

It is the probability of loss due to a threat

It is a weakness in information systems

It is a threat which causes loss of assets

It is the damage incurred by an event which causes disruption of network services

Which statement describes the Cyber Kill Chain?

It identifies the steps that adversaries must complete to accomplish their goals.

It specifies common TCP/IP protocols used to fight against cyberattacks

It is a set of metrics designed to create a way to describe security incidents in a structured and repeatable way

It uses the OSI model to describe cyberattacks at each of the seven layers

What is the purpose of the policy element in a computer security incident response capability of an organization, as recommended by NIST?

It details how incidents should be handled based on the organizational mission and functions

It provides a roadmap for maturing the incident response capability

It provides metrics for measuring the incident response capability and effectiveness

It defines how the incident response teams will communicate with the rest of the organization and with other organizations

Which action should be included in a plan element that is part of a computer security incident response capability (CSIRC)?

Develop metrics for measuring the incident response capability and its effectiveness

Detail how incidents should be handled based on the mission and functions of an organization

Create an organizational structure and definition of roles, responsibilities, and levels of authority

Prioritize severity ratings of security incidents

What is a MITRE ATT&CK framework?

A knowledge base of threat actor behavior

A collection of malware exploits and prevention solutions

Guidelines for the collection of digital evidence

Documented processes and procedures for digital forensic analysis

Which two actions can help identify an attacking host during a security incident? (Choose two.)

Use an Internet search engine to gain additional information about the attack

Validate the IP address of the threat actor to determine if it is viable

Log the time and date that the evidence was collected and the incident remediated

Determine the location of the recovery and storage of all evidence

Develop identifying criteria for all evidence such as serial number, hostname, and IP address

A user is asked to create a disaster recovery plan for a company. The user needs to have a few questions answered by management to proceed. Which three questions should the user ask management as part of the process of creating the plan? (Choose three.)

Who is responsible for the process

Where does the individual perform the process?

Does the process require approval?

How long does the process take?

After containing an incident that infected user workstations with malware, what are three effective remediation procedures that an organization can take for eradication? (Choose three.)

Update and patch the operating system and installed software of all hosts.

Rebuild hosts with installation media if no backups are available

Use clean and recent backups to recover hosts

Change assigned names and passwords for all devices.

Rebuild DHCP servers using clean installation media.

MCyber_Chap26N27

Authored by Marcus Phang

Information Technology (IT)

Professional Development

Used 2+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

23 questions

Show all answers

MULTIPLE CHOICE QUESTION

1 min • 1 pt

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Exposure factor

Hardware

Quantitative

Qualitative

Answer explanation

Physical items can be assigned a value for quantitative analysis.

MULTIPLE SELECT QUESTION

1 min • 1 pt

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Corrective

Frame the risk

Monitor the risk.

Respond to the risk.

Assess the risk

Answer explanation

Risk management is a formal process that reduces the impact of threats and vulnerabilities. The process involves four general steps:
1) Frame the risk – Identify the threats throughout the organization that increase risk.
2) Assess the risk – Once a risk has been identified, it is assessed and analyzed to determine the severity that the threat poses.
3) Respond to the risk – Develop an action plan to reduce overall organization risk exposure. Management should rank and prioritize threats and a team determines how to respond to each threat.
4) Monitor the risk – Continuously review risk reductions due to elimination, mitigation and transfer actions.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

21 questions

Remote Support and Scripting Best Practices

Quiz

•

Professional Development

25 questions

React and NodeJS with Docker

Quiz

•

Professional Development

28 questions

Computer Hardware and Troubleshooting Quiz

Quiz

•

Professional Development

20 questions

Quiz 1: Exception Handling

Quiz

•

Professional Development

20 questions

Prelim: Networking II

Quiz

•

Professional Development

20 questions

MSBTE Quiz

Quiz

•

Professional Development

20 questions

NMC-IT PD 2024

Quiz

•

Professional Development

19 questions

SENAI 2024 | REDES 1

Quiz

•

Professional Development

Popular Resources on Wayground

7 questions

History of Valentine's Day

Interactive video

•

4th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

15 questions

Valentine's Day Trivia

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Information Technology (IT)

44 questions

Would you rather...

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

14 questions

Valentine's Day Trivia!

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

11 questions

NFL Football logos

Quiz

•

KG - Professional Dev...

12 questions

Valentines Day Trivia

Quiz

•

Professional Development

MCyber_Chap26N27

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Physical items can be assigned a value for quantitative analysis.

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Organizations will implement corrective access controls after a system experiences a threat.
Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Which type of security control includes backup and restore operations, as well as fault-tolerant data storage?

Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

Buying insurance transfers the risk to a third party.

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.

Which access control should the IT department use to restore a system back to its normal state?

Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

What is the first step in the risk management process that helps to reduce the impact of threats and vulnerabilities?

A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

Which statement describes a cybersecurity risk?

Risk is the probability of loss due to a threat that damages information systems or organizational assets.
Vulnerability is a weakness in information systems.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

MCyber_Chap26N27

A user is asked to perform a risk analysis of a company. The user asks for the company asset database that contains a list of all equipment.The user uses this information as part of a risk analysis. Which type of risk analysis could be performed?

Physical items can be assigned a value for quantitative analysis.

Which two types of controls are effective after a violation of a security policy occurs? (Choose two.)

Organizations will implement corrective access controls after a system experiences a threat. Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Which type of security control includes backup and restore operations, as well as fault-tolerant data storage?

Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

The CEO of a company is concerned that if a data breach should occur and customer data is exposed, the company could be sued. The CEO makes the decision to buy insurance for the company. What type of risk mitigation is the CEO implementing?

Buying insurance transfers the risk to a third party.

A warning banner that lists the negative outcomes of breaking company policy is displayed each time a computer user logs in to the machine. What type of access control is implemented?

Deterrents are implemented to discourage or mitigate an action or the behavior of a malicious person.

Which access control should the IT department use to restore a system back to its normal state?

Access control prevents an unauthorized user from gaining access to sensitive data and networked systems. There are several technologies used to implement effective access control strategies.

Based on the risk management process, what should the cybersecurity team do as the next step when a cybersecurity risk is identified?

What is the first step in the risk management process that helps to reduce the impact of threats and vulnerabilities?

A public cloud service company provides data storage services to multiple customers. The company decides to purchase an insurance policy to cover the data loss due to natural disasters. Which risk management action level has the service company taken to manage the potential risk?

Which statement describes a cybersecurity risk?

Risk is the probability of loss due to a threat that damages information systems or organizational assets. Vulnerability is a weakness in information systems.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Information Technology (IT)

Organizations will implement corrective access controls after a system experiences a threat.
Recovery security controls restore resources, functions and capabilities back to a normal state after a violation of a security policy.

Risk is the probability of loss due to a threat that damages information systems or organizational assets.
Vulnerability is a weakness in information systems.