MEASURES (EC COUNCIL CIH V1)
Risk - ANSWER: The probability of the occurrence of an incident.
Risk Formula - ANSWER: Risk = Events x Probability of occurrence x consequences
Risk Policy - ANSWER: The set of ideas that are to be implemented in order to
minimize and mitigate risks faced by an organization.
Policy Statement Defined steps - ANSWER: * Establish Context
* Risk Identification
* Risk Analysis
* Risk Evaluation
* Treating the risks
* Monitor and Review
* Communication and consultation
Communication and Consultation - ANSWER: Communication is needed between
internal and external stakeholders at each stage of the risk management process
Monitor and Review - ANSWER: Frequent monitoring and reviewing of the system is
to be made essential to avoid risks
Treating the Risks - ANSWER: Risk management plans are developed for the risk with
highest priority and low priority risks are monitored
Risk Evaluation - ANSWER: The estimated risk levels are compared with the
established criteria which help in prioritizing the risks.
Risk Analysis - ANSWER: This involves determination of risk and the existing controls.
The level of risk is estimated by combining the effects and their probability of
occurrence.
Risk Identification - ANSWER: Identifying the reasons and ways of risk occurrence
which is required for further analysis
Establishing a Context - ANSWER: Criteria on which the risk evaluation must be
established and the risk analysis structure is defined.
Risk Assessment - ANSWER: a set of guidelines and procedures to identify and assess
the risks that pose a threat to the business or project environment.
NIST Risk Assessment Methodology Steps - ANSWER: 1. System Characterization
2. Threat Identification
3. Identify Vulnerabilities
4. Control Analysis
5. Likelihood Determination
6. Impact Analysis
7. Risk Determination
8. Control Recommendations
9. Results Documentation
Step 1: System Characterization - ANSWER: Identify the Boundaries
Characterize the system (establish the scope)
Describe Operational authorization boundaries (hardware, software, system
connectivity etc.)
System Characterization: Inputs - ANSWER: Hardware
Software
System Interfaces
Data and information
People
System Mission
System Characterization: Output - ANSWER: System Boundary
System Functions
System and Data Criticality
System and Data Sensitivity
Step 2: Threats Identification - ANSWER: Determine the likelihood of a threat
* System Vulnerabilities
* Threat Sources
Threats Identification: Inputs - ANSWER: History of system attack
Data from Intel agencies
NIPC
OIG
FedCIRC
Mass media
Threat Identification: Outputs - ANSWER: Threat Statement
Threat Types - ANSWER: Human Threats
Technical Threats
Threat Identification Process steps - ANSWER: 1. Threat-source Identification
2. Determining of motivation of threat
Step 3: Identify Vulnerabilities - ANSWER: Prepare a list of the system vulnerabilities
that threat sources can exploit