Can I get answers for the questions below?
Many consider users to be the "weak link" in the chain.
When performing a risk assessment, all risk should be eliminated, no matter the cost of the control.
Generally, the more secure the system, the less usable it becomes.
An example of applying reasonable security controls to control a risk and be compliant with regulations is an example of Due Diligence.
A/an __________ is the possibility that the company will incur a loss.
a. Vulnerability b. Risk c. Exploit d. Threat
A weak password is an example of a
a. Threat b. Risk c. Vulnerability d. Loss
Which of the following is an example of an intangible asset?
b. "Good will" or the branding that is associated with a well-liked product
The area inside the firewall is considered to be the
If a hacker hacks into a hospital and changes a patient's blood type on his patient healthcare record, which of the following security services was the one that was principally violated?
a. Authentication b. Integrity c. Availability d. Confidentiality
An example of transferring risk is to
a. Implement a security program
b. Do regular backups
c. Purchase cybersecurity insurance
d. Reduce the vulnerability by applying a security control
You have performed a risk assessment and have determined that the cost of an external attack against your corporate Web server would result in a loss of $20,000 per year. A security control to provide redundancy against the server would cost $30,000 per year. Which of the following is the most reasonable approach to handling this risk?
a. Transfer by purchasing insurance that would also cost you $30,000 a year.
b. Mitigate by purchasing the control
c. Accept the risk, until another solution can be found.
d. Avoid the risk by not connecting to the Internet
A policy that has been implemented that requires two different individuals to perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identity-proof the person requesting the certificate and issue a request, and a different person can actually issue the digital certificate.
a. Separation of Duties
c. Need to Know
Under what circumstances would it be wise to "accept" a risk?
a. Anytime when the cost of the security control exceeds the impact of the risk if it were to happen.
b. Never. Risks should never be "accepted", they should always be mitigated, transferred, or avoided.
c. When the cost of the security control is lower than the cost of the impact of the risk if it were to happen.
d. Only when a risk can be avoided.
Understanding that a "threat" is the potential for a negative event, which of the following is not considered a threat?
b. A Distributed Denial of Service Attack against the company's web server.
c. A corrupt employee steals sensitive data
d. The results of an audit reveal weaknesses with password management processes