We develop the list of risks in three steps: First, - Answer- we identify threat agents by
identifying types of people who might want to attack our assets.
We develop the list of risks in three steps: Second, - Answer- we identify the types of
attacks threat agents might perform.
We develop the list of risks in three steps: Third, - Answer- we build a risk matrix to
identify the attacks on specific assets.
These threat agents serve to forward the interests of particular nations. - Answer-
Nation-level competitors
The traditional "spies": people who collect information on behalf of competing
countries. - Answer- Intelligence agents
People and organizations who use remote sensing, surveillance, and intercepted
communications to spy on other countries. - Answer- Technical collectors
*NSA
Groups who use military force on behalf of a nation - Answer- Military actors
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); _______ not motivated to do harm. - Answer- Unmotivated.
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); _____ limited skills and mild motivation; may exploit opportunities
like unsecured doors or logged-in computers. - Answer- Scant Motivation
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); _______ skilled and motivated to exploit the system but not to cause
significant, visible damage. - Answer- Stealth motivation
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); ___ will do harm that causes limited damage to assets. - Answer-
Low motivation
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); will do harm that causes significant damage to an enterprise or its
assets. - Answer- Moderate motivation
We use a six-level scale that includes the risk levels in NIST's Risk Management
Framework (RMF); ____ will cause significant disruptions and even critical injuries to
people to achieve objectives. - Answer- High Motivation
The Risk Management Framework (RMF) is? - Answer- a way to assess cybersecurity
risks when developing large-scale computer systems.
What are the six steps in Risk Management Framework (RMF)? - Answer- 1.
Categorize the information
2. Select Security controls
3. Implement security controls
4. Assess Security controls
5. Authorize the information system
6. Monitor security controls
Proprietor's RMF four steps? - Answer- A. Establish system and security goals
B. Select security controls
C. Validate information system
D. Monitor security controls
The simplest way to address a security problem is? - Answer- the rule-based
approach.
Why did NIST develop the Risk Management Framework? - Answer- to provide rules by
which government agencies can assess their risks and construct a list of security
requirements.
- applies to individual systems and systems built of multiple systems.
SCADA - Answer- Supervisory Control and Data Acquisition
SP 800-30 - Answer- Guide for Conducting Risk Assessments
SP 800-37 - Answer- Guide for Applying the Risk Management Framework to Federal
Information Systems
FIPS 199 - Answer- Standards for Security Categorization of Federal Information and
Information Systems
SP 800-60 - Answer- Guide for Mapping Types of Information and Information Systems
to Security Categories