CIT550 Final Exam 105 Questions and
correct Answers,.
The Advanced Research Projects Agency (ARPA) were created to prevent
technological suprise launces like happened with Sputnik. (T/F) - Correct
answerTrue
Admiral Poindexter's NSDD-145 gave the defense and national security communities
control over securing private sector companies (T/F) - Correct answerTrue
The Morris Worm that did $100 million in damage was created to measure size of the
Internet and was not intended to do damage (T/F) - Correct answerTrue
Risk Management is the practice at the heart of cybersecurity (T/F) - Correct
answerTrue
Which is NOT something that Risk Management tries to identify as critical assets of:
A. Individual
B. Organization
C. Company
D. Family - Correct answerD. Family
The National Institute for Standards and Technology (NIST) standards and procedures
establish baselines for the deployment of products to services across an industry (T/F) -
Correct answerTrue
Which of these are NOT part of the Risk Management Process:
A. Framing
B. Responding
C. Monitoring
D. Managing - Correct answerD. Managing
The first step in the cyber risk management process is risk framing (T/F) - Correct
answerTrue
Risk constraints let managers execute a 100 percent secure risk management plan
(T/F) - Correct answerFalse
The degree to which an organization can handle or incur a specific harm is:
A. Risk Constraint
B. Risk tolerance
C. Priorities trade-offs
, D. Risk framing - Correct answerB. Risk tolerance
Which is an effective method of determining the level and likelihood of risk?
A. Human reliability analysis
B. Statistical modeling
C. Event tree analysis
D. Survey design
E. None of the above
F. All of the above - Correct answerF. All of the above
Professional risk managers are charged with breaking down and analyzing threats,
vulnerabilities, and consequences as separate factors in a risk assessment (T/F) -
Correct answerTrue
A quantitative risk determination approaches risk using past records and data, patterns
of dots, the behavior of technology, the behavior of personnel, and interviews with
personnel may all be sources that play into the determination of a risk's level and/or
likelihood (T/F) - Correct answerFalse
Which of these are NOT part of a Risk Response plan:
A. Manage
B. Avoids
C. Mitigates
D. Transfers Risk - Correct answerA. Manage
Risk Avoidance is a strategy to contain an imminent or current incident (T/F) - Correct
answerFalse
Cybersecurity insurance is an example of Risk transfer (T/F) - Correct answerTrue
The final stage in the cyber risk management process is risk monitoring and takes place
after the response plan has been implemented (T/F) - Correct answerTrue
Which of the following is NOT an element of risk framing?
A. Tolerance
B. Trade-offs
C. Threat assessment
D. Constraints - Correct answerC. Threat assessment
Which of the following is NOT an element of risk response?
A. Avoid
B. Mitigate
C. Manage
D. Transfer - Correct answerC. Manage
correct Answers,.
The Advanced Research Projects Agency (ARPA) were created to prevent
technological suprise launces like happened with Sputnik. (T/F) - Correct
answerTrue
Admiral Poindexter's NSDD-145 gave the defense and national security communities
control over securing private sector companies (T/F) - Correct answerTrue
The Morris Worm that did $100 million in damage was created to measure size of the
Internet and was not intended to do damage (T/F) - Correct answerTrue
Risk Management is the practice at the heart of cybersecurity (T/F) - Correct
answerTrue
Which is NOT something that Risk Management tries to identify as critical assets of:
A. Individual
B. Organization
C. Company
D. Family - Correct answerD. Family
The National Institute for Standards and Technology (NIST) standards and procedures
establish baselines for the deployment of products to services across an industry (T/F) -
Correct answerTrue
Which of these are NOT part of the Risk Management Process:
A. Framing
B. Responding
C. Monitoring
D. Managing - Correct answerD. Managing
The first step in the cyber risk management process is risk framing (T/F) - Correct
answerTrue
Risk constraints let managers execute a 100 percent secure risk management plan
(T/F) - Correct answerFalse
The degree to which an organization can handle or incur a specific harm is:
A. Risk Constraint
B. Risk tolerance
C. Priorities trade-offs
, D. Risk framing - Correct answerB. Risk tolerance
Which is an effective method of determining the level and likelihood of risk?
A. Human reliability analysis
B. Statistical modeling
C. Event tree analysis
D. Survey design
E. None of the above
F. All of the above - Correct answerF. All of the above
Professional risk managers are charged with breaking down and analyzing threats,
vulnerabilities, and consequences as separate factors in a risk assessment (T/F) -
Correct answerTrue
A quantitative risk determination approaches risk using past records and data, patterns
of dots, the behavior of technology, the behavior of personnel, and interviews with
personnel may all be sources that play into the determination of a risk's level and/or
likelihood (T/F) - Correct answerFalse
Which of these are NOT part of a Risk Response plan:
A. Manage
B. Avoids
C. Mitigates
D. Transfers Risk - Correct answerA. Manage
Risk Avoidance is a strategy to contain an imminent or current incident (T/F) - Correct
answerFalse
Cybersecurity insurance is an example of Risk transfer (T/F) - Correct answerTrue
The final stage in the cyber risk management process is risk monitoring and takes place
after the response plan has been implemented (T/F) - Correct answerTrue
Which of the following is NOT an element of risk framing?
A. Tolerance
B. Trade-offs
C. Threat assessment
D. Constraints - Correct answerC. Threat assessment
Which of the following is NOT an element of risk response?
A. Avoid
B. Mitigate
C. Manage
D. Transfer - Correct answerC. Manage
