Fundamentals of Cyber Risk Management Exam
2022;FedVTE Exam
In the Incident Response Life Cycle, which of the following phases would
identifying precursors and indication be expected?
B. Detection and Analysis
Establishing the context and providing common perspective on how
organizations manage risk is the goal of:
B. Risk Framing
A decision made based upon business knowledge, executive management
directives, historical perspectives, business goals, and environmental factors is
known as:
C. Judgmental valuation
Which security principle is concerned with the unauthorized modification of
important or sensitive information?
B. Integrity
In relation to risk management, people, information, technology, and facilities are
examples of:
A. Assets
Which of the following is the set of security controls for an information system
that is primarily implemented and executed by people?
A. Operational Controls
Methods of response for managing risks are:
D. Accept, Transfer, Mitigate, Avoid
The inputs (threat source motivation, threat capacity, nature of vulnerability, and
current controls) will aid in generating output used in which step of the NIST SP
risk assessment guidance?
D. Likelihood Determination
Which OCTAVE process involves collecting information about important assets,
security requirements, threats, current organizational strengths, and
vulnerabilities from managers of selected operational areas?
A. Identify Operational Area Knowledge
If the cost of controls to mitigate a risk exceeds the cost of loss the organization
would incur if a threat is realized, the decision may be made to accept the risk.
A. TRUE
The threat-source is motivated and capable, but controls are in place that may
impede successful exercise of the vulnerability. Which likelihood rating does this
describe?
B. Medium
Simulating attack from a malicious source could be part of penetration testing.
A. TRUE
Controls to support business continuity would include:
D. All of the above
Which of the following strategies for managing risk is described as: eliminating
the asset's exposure to risk, or elimination of the asset itself?
2022;FedVTE Exam
In the Incident Response Life Cycle, which of the following phases would
identifying precursors and indication be expected?
B. Detection and Analysis
Establishing the context and providing common perspective on how
organizations manage risk is the goal of:
B. Risk Framing
A decision made based upon business knowledge, executive management
directives, historical perspectives, business goals, and environmental factors is
known as:
C. Judgmental valuation
Which security principle is concerned with the unauthorized modification of
important or sensitive information?
B. Integrity
In relation to risk management, people, information, technology, and facilities are
examples of:
A. Assets
Which of the following is the set of security controls for an information system
that is primarily implemented and executed by people?
A. Operational Controls
Methods of response for managing risks are:
D. Accept, Transfer, Mitigate, Avoid
The inputs (threat source motivation, threat capacity, nature of vulnerability, and
current controls) will aid in generating output used in which step of the NIST SP
risk assessment guidance?
D. Likelihood Determination
Which OCTAVE process involves collecting information about important assets,
security requirements, threats, current organizational strengths, and
vulnerabilities from managers of selected operational areas?
A. Identify Operational Area Knowledge
If the cost of controls to mitigate a risk exceeds the cost of loss the organization
would incur if a threat is realized, the decision may be made to accept the risk.
A. TRUE
The threat-source is motivated and capable, but controls are in place that may
impede successful exercise of the vulnerability. Which likelihood rating does this
describe?
B. Medium
Simulating attack from a malicious source could be part of penetration testing.
A. TRUE
Controls to support business continuity would include:
D. All of the above
Which of the following strategies for managing risk is described as: eliminating
the asset's exposure to risk, or elimination of the asset itself?
