Need help in answering the questions. I was trying to read from the textbook; I wanted to confirm the right answers.
According to the "Risk Impact Assessment and Prioritization" article you read in the lab, which of the following represents the Risk Management process?
a.Risk Identification > Risk Impact Assessment > Risk Prioritization Analysis > Risk Mitigation Planning and Tracking
b.Risk Identification > Risk Prioritization Analysis > Risk Impact Assessment > Risk Tracking
c.Risk Identification > Risk Prioritization Analysis > Risk Impact Assessment > Risk Monitoring
d.Risk Identification > Risk Impact Assessment > Risk Prioritization Analysis > Risk Mitigation Planning, Implementation, and Progress Monitoring
The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a __________ for ongoing mitigation of risks in the seven domains of an IT
a.quantitative risk assessment
b.training and development program
c.security baseline definition
d.liability protection plan
Which of the seven domains of a typical IT infrastructure is the most difficult to monitor and track effectiveness?
In the real world, some managers worry that the changes required to mitigate a risk will be more disruptive than treating the risk. How can you alleviate that concern?
a.Anticipate the manager's "what if" questions in your recommendations.
b.Ignore the concern and treat the risk anyway.
c.Hope a risk goes unnoticed.
d.Do not bother the manager with anything but the most critical risk.
Which of the seven domains of a typical IT infrastructure can access privacy data and also store it on local hard drives and disks?
In the lab, how many critical "1" risks, threats, and vulnerabilities impacted the LAN-to-WAN Domain?
After you've addressed a risk, it is important to appoint someone to make certain that the risk treatment is being regularly applied so that if a security incident arises, that person can:
a.alert supervisors and any appropriate law-enforcement agencies
b.assume blame and responsibility
c.assign fault and liability accurately
d.ensure that any corrective action aligns with the risk mitigation plan.
Which of the following statements is true regarding treating risks?
a.Treating risk is identical to identifying and assessing risks.
b.Treating risks means making changes based on a risk assessment and a few difficult decisions.
c.Documenting the steps you are taking to mitigate a risk is only necessary for the most critical risks.
d.Documenting a change and the reasoning behind it usually results in the mitigation being reversed and the risk being introduced.
In the lab, you created a Risk Mitigation Plan that included __________ for remediation.
In the lab, what risk impact/factor (Step 4) did you assign to "User downloads and clicks on an unknown e-mail attachment"?