COMPLETE CORRECT ANSWERS.
What type of control ensures that account management is secure?
A. access management controls
B. access controls
C. account management controls
D. account controls - Correct answer: C
ROSI = reduction in risk exposure / investment in countermeasures
T/F - Correct answer: T
Which of the following affects the cost of a control?
A. maintenance
B. CBA report
C. asset resale
D. liability insurance - Correct answer: A
As a top-level executive at your own company, you are worried that your employees
may steal confidential data too easily by downloading and taking home data onto thumb
drives. What is the best way to prevent this from happening?
A. Create and enforce a written company policy against the use of thumb drives, and
install a technical control on the computers that will prevent the use of thumb drives.
B. Instruct higher-level employees to inform their employees that the use of a thumb
drive is a fireable offense.
C. Install a technical control to prevent the use of thumb drives.
D. Hold a seminar that explains to employees why the use of thumb drives in the
workplace is a security hazard. - Correct answer: A
If an in-place countermeasure needs to be upgraded or replaced, you should disable or
remove the countermeasure until the new or upgraded control can be installed in order
to best reduce vulnerabilities.
T/F - Correct answer: F
Risk sharing shifts a portion of the responsibility or liability.
T/F - Correct answer: T
Insurance, background checks, and security plans are all categories of ____________.
A. procedures
B. policy controls
C. policies
D. procedural controls - Correct answer: D
Asset valuation is a listing or grouping of assets under an assessment.
T/F - Correct answer: F
What is NOT a best practice for enabling a risk mitigation plan from your risk
assessment?
A. Control the costs.
B. Create a new POAM.
C. Control the schedule.
D. Stay within the scope. - Correct answer: B
When a vulnerability (flaw or weakness) exists in an important asset, implement security
controls to reduce the likelihood of a vulnerability being ___________. - Correct answer: exploited
What is Risk Acceptance?
A. None of the above
B. The appropriate risk response when the identified risk is within the organizational risk
tolerance.
C. The acceptance of what the actual risk is
D. How appropriate the risk can be to the situation - Correct answer: B
Loss Before Countermeasure - Loss After Countermeasure = Countermeasure Value
T/F - Correct answer: F
Purchasing insurance is the primary way to ______ or _______ risk.
A. mitigate, share
B. mitigate, accept
C. transfer, accept
D. share, transfer - Correct answer: D
What is the result of subtracting the post-control annualized loss expectancy and the
ACS from the pre-control annualized loss expectancy?
A. annualized rate of occurrence
B. single loss expectancy
C. exposure factor
D. cost-benefit analysis - Correct answer: D
Which of the following is NOT a way organizations can respond to risk?
A. Risk Avoidance