Within the realm of IT security, which of the following combinations best
defines risk? Correct Answer - Threat coupled with a vulnerability
When determining the value of an intangible asset which is the BEST
approach? Correct Answer - With the assistance of a finance or
accounting professional determine how much profit the asset has returned
Qualitative risk assessment is earmarked by which of the following? Correct
Answer - Ease of implementation and it can be completed by personnel
with a limited understanding of the risk assessment process
Single loss expectancy (SLE) is calculated by using: Correct Answer -
Asset value and exposure factor
Consideration for which type of risk assessment to perform includes all of the
following: Correct Answer - Culture of the organization, budget,
capabilities and resources
Security awareness training includes: Correct Answer - Security roles
and responsibilities for staff
What is the minimum and customary practice of responsible protection of
assets that affects a community or societal norm? Correct Answer - Due
care
Effective security management: Correct Answer - Reduces risk to an
acceptable level
Availability makes information accessible by protecting from: Correct
Answer - Denial of services, fires, floods, and hurricanes and unreadable
backup tapes
Which phrase best defines a business continuity/disaster recovery plan?
Correct Answer - The adequate preparations and procedures for the
continuation of all organization functions
Which of the following steps should be performed first in a business impact
analysis (BIA)? Correct Answer - Identify all business units within an
organization
Tactical security plans are BEST used to: Correct Answer - Deploy new
security technology
Who is accountable for implementing information security? Correct Answer
- Security officer
Security is likely to be most expensive when addressed in which phase?
Correct Answer - Implementation
Information systems auditors help the organization: Correct Answer -
Identify control gaps
The Facilitated Risk Analysis Process (FRAP) Correct Answer - makes a
base assumption that a narrow risk assessment is the most efficient way to
determine risk in a system, business segment, application or process.
Setting clear security roles has the following benefits: Correct Answer -
Establishes personal accountability, establishes continuous improvement and
reduces turf battles
Well-written security program policies are BEST reviewed: Correct Answer
- At least annually or at pre-determined organization changes
An organization will conduct a risk assessment to evaluate Correct Answer
- threats to its assets, vulnerabilities present in the environment, the
likelihood that a threat will be realized by taking advantage of an exposure,
the impact that the exposure being realized will have on the organization, the
residual risk
A security policy which will remain relevant and meaningful over time
includes the following: Correct Answer - Directive words such as shall,
must, or will, defined policy development process and is short in length