User Account

All Pages

What are valid contents of a risk management plan

Assignment Help Management Information Sys
Reference no: EM131684734

Question 1 : Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?

a. EF

b. ARO

c. ALE

d. SLE
 
Question 2 : An organization that accepts credit card payments, would be expected to be compliant with which of the following laws or standards?

a. PCI-DSS

b. HIPAA

c. GLBA

d. FISMA

Question 3 : The act of taking advantage of a weakness within a system to gain unauthorized access is best described as a/an:

a. vulnerability

b. exploit

c. risk

d. threat
 
Question 4 : A risk handling technique in which the company chooses to do nothing about the risk, as the cost of implementing a contro would be more expensive than the impact if the risk were actualized is known as

a. Share or Transfer

b. Mitigation

c. Avoidance

d. Acceptance
 
Question 5 : Which of the following is not a U.S. Government risk management initiative or program?

a. ITIL

b. US-CERT

c. DHS' NCCIC

d. MITRE's CVE List
 
Question 6 : Under FISMA, how often are federal agencies expected to have an independent compliance audit to ensure that security controls are effectively managing risk?

a. Every three years

b. Never

c. Quarterly

d. Annually
 
Question 7 : Students at the University of the Cumberlands have some expectation of privacy afforded to them under which Federal Act?

a. SOX

b. CIPA

c. FERPA

d. FISMA
 
Question 8 :  Which of the following NIST documents addresses how to effectively manage risk?

a. SP 800-55

b. SP 800-41

c. SP 800-53

d. SP 800-30
 
Question 9 : What are valid contents of a risk management plan?

a. Recommendations

b. Scope

c. Objectives

d. All of the above

e. POA&M
 
Question 10 : The amount of money that a negative event will cost us, each time that it occurs.

a. Annualized Rate of Occurrence (ARO)

b. Annual Loss Expectancy (ALE)

c. Single Loss Expectancy (SLE)

d. Exposure Factor (EF)
 
Question 11 : You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $100,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $30,000 per year. Which of the following is the best course of action?

a. Spend $25,000 on cyber insurance to transfer the risk

b. Spend the $30,000 to mitigate the risk

c. Spend whatever it takes to ensure that this data is safe. Its sensitive data, after all!

d. Accept the risk
 
Question 12 :  A type of redundant site that has all of the hardware, software, telecommunication lines, an data already configured and ready to go in the event of a disaster is known as a/an
a. warm site

b. alternate site

c. cold site

d. hot site
 
Question 13 : Implementing an Intrustion Detection System that allows you to watch for hackers in real-time is an example of

a. Risk monitoring

b. Vulnerabiity assessment

c. Risk assessment

d. Risk response
 
Question 14 : A tool used to find open ports on a system is
a. Nessus

b. Wireshark

c. John the Ripper

d. Nmap
 
Question 15 : A risk assessment that uses numerical values to assess the likelihood and impact of a threat to a system is a ____________ risk assessment

a. Quantitative

b. Qualitative

c. Objective

d. Subjective
 
Question 16 : A method that shows a list of project tasks that must be completed on time so that the project is not delayed.

a. Risk Management Plan

b. Milestone Plan Chart

c. Critical Path Chart

d. Gannt Chart
 
Question 17 : A document used to track the progress of remediating identified risk.

a. POA&M, or risk register

b. Risk Profile

c. Vulnerability Assessment

d. Risk Assessment

 Question 18 : This Act applies to financial oganizations

a. Sabanes-Oxley (SOX)

b. FERPA

c. GLBA

d. FISMA
 
Question 19 : Which of the following is not considered a method by which we would harden a server againsts attacks?

a. Enable a firewall

b. Change default passwords

c. Reverse engineer a patch to look for vulnerabilities

d. Remove unused services

Question 20 : This Act applies to security and privacy expectations of healthcare organizations.

a. HIPAA

b. GLBA

c. FERPA

d. FISMA

Question 21 : A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.

a. Job Rotation

b. Need to Know

c. Separation of Duties

d. Acceptable Use

Question 22 : If a hacker hacks in to a bank and transfers money out of one account into his account, which of the following security services was the one that was principally violated?

a. Integrity

b. Confidentiality

c. Availability

d. Access Control

Question 23 : The area inside the firewall is considered to be the

a. Secured Domain

b. Workstation Domain

c. User Domain

d. LAN Domain
 
Question 24 : Which of the following is an example of an intangible asset?

a. Sales database

b. "Good will" or the branding that is associated with a well-liked product

c. Server hardware

d. Server software

Question 25 : The possibility that a negative event will occur is known as a/an:

a. threat

b. risk

c. vulnerablity

d. exploit
 
Question 26 : A weak password, or a firewall that has been improperly configured, is considered a/an:

a. vulnerability

b. threat

c. risk

d. exploit

Question 27 : Which of the following is not a source that would be used to assess an organziation's vulnerabilities?

a. System Logs

b. Prior events

c. Audits

d. Acutuary tables

Question 28 : Which of the following is the formula used to calculate the risk that remains after you apply controls?

a. Risk=Threat X Vulnerability

b. Residual Risk = Total Risk - Controls

c. ALE=SLExARO

d. Total Risk=Thrat X Vulnerability X Assest Value
 
Question 29 : Which of the following is not a fundamental component of an IT risk management plan?

a. Risk assessment

b. Risk reporting

c. Risk identification

d. Risk planning

Question 30 : You have a healthcare organization and would like medical personnel to be able to remotely log in to the network (the Remote Access Domain). Which of the following would be the best technique or tool that you would implement to help mitigate risk to this domain?

a. Implement automated server scanning

b. Implement Web content filters

c. Implement a VPN encrypted tunnel

d. Implement automatic account lockout after 3 failed attempts
 
Question 31 : Discuss one role that would participate in risk management and describe that one role's resposnibilities with respect to risk management.

Question 32 : In your own words, explain why it can be difficult to perform a quantitative risk assessment for a system. Do NOT copy in information or discuss what a quantitative risk assessment is. One, or two, short sentences is all that is required, or expected, for this answer.

Reference no: EM131684734

Questions Cloud

Is there a diurnal ‘rhythm'' to the uv index data : Why isn't UV Index data available for 24 hours each and every day, Is there a diurnal ‘rhythm' to the UV Index data
Evaluate yourself using the three indices of creativity : Think of a conflict that occurred in a team you were a part of and analyze it. What were the main sources of the conflict?
Discuss what are sources of pollutants or contaminates along : What kinds of human activity you see along sequence of bays and channels from San Francisco Bay to the Sacramento & San Joaquin rivers
How do the teams manage their team boundaries : Consider the list of common roles for team members which of these roles do you think you play in your own team or group? Why?
What are valid contents of a risk management plan : An organization that accepts credit card payments, would be expected to be compliant with which of the following laws or standards?
Discuss the whiteboard to draw your food web : Describe a food web based on the interrelationships of the organisms identified in the excerpt. You may also use the whiteboard application
How do these support the principles of p2 and sustainability : How do these support the principles of P2 and sustainability, What goals have the company set, and what is the time frame for completing these
Draw all the roads using mx road or open road : 300982 Transportation Engineering Assignment. Draw all the roads using MX Road or Open Road and show carriage way widths and verges on either sides
Discuss acorn production and gypsy moth population : Design a controlled experiment that tests the relationship between acorn production and gypsy moth population

Reviews

Write a Review

Management Information Sys Questions & Answers

  Information technology and the changing fabric

Illustrations of concepts from organizational structure, organizational power and politics and organizational culture.

  Case study: software-as-a-service goes mainstream

Explain the questions based on case study. case study - salesforce.com: software-as-a-service goes mainstream

  Research proposal on cloud computing

The usage and influence of outsourcing and cloud computing on Management Information Systems is the proposed topic of the research project.

  Host an e-commerce site for a small start-up company

This paper will help develop internet skills in commercial services for hosting an e-commerce site for a small start-up company.

  How are internet technologies affecting the structure

How are Internet technologies affecting the structure and work roles of modern organizations?

  Segregation of duties in the personal computing environment

Why is inadequate segregation of duties a problem in the personal computing environment?

  Social media strategy implementation and evaluation

Social media strategy implementation and evaluation

  Problems in the personal computing environment

What is the basic purpose behind segregation of duties a problem in the personal computing environment?

  Role of it/is in an organisation

Prepare a presentation on Information Systems and Organizational changes

  Perky pies

Information systems to adequately manage supply both up and down stream.

  Mark the equilibrium price and quantity

The demand schedule for computer chips.

  Visit and analyze the company-specific web-site

Visit and analyze the Company-specific web-site with respect to E-Commerce issues

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd