answers
_____ monitoring results gives organizations the capability to maintain
awareness of the risk being incurred, highlight the need to revisit other
steps in the risk management process, and initiate process improvement
activities as needed. Ans✓✓✓ Analyzing
____________ mitigate(s) risk. Ans✓✓✓ Controls
A best practice for enabling a risk mitigation plan from your risk
assessment is prioritizing countermeasures. Ans✓✓✓ True
A business impact analysis (BIA) is an output of the risk assessment
process. Ans✓✓✓ False
A CBA helps determine if you should use a safeguard. Ans✓✓✓ True
A gap analysis report documents differences between what is mitigated
and what is NOT mitigated, resulting in a gap in security. Ans✓✓✓
True
A KPx is a summary of one or more KRIs. Ans✓✓✓ False
A risk ____ could be a simple listing of identified risks, some of which
are already assessed and others of which are still in the process of being
qualified. Ans✓✓✓ Action plan, final report
A risk ____ could be a simple listing of identified risks, some of which
are already assessed and others of which are still in the process of being
qualified. Ans✓✓✓ Inventory
A risk assessment ends with a report. Ans✓✓✓ True
A risk assessment provides a point-in-time report. Ans✓✓✓ True
A threshold KPI is significant when an index falls into a set range.
Ans✓✓✓ True
Access controls testing verifies user rights and permissions. Ans✓✓✓
True
Action plans are a necessary output of the risk assessment process so
that recommendations can be acted upon quickly once the assessment is
approved. Ans✓✓✓ True
After you collect data on risks and recommendations, you include that
information in a report, and you give that report to management. Why do
you do this? Ans✓✓✓ to help management decide which
recommendations to use
ALE is: Ans✓✓✓ SLE x ARO
All of the following are KPI types except: Ans✓✓✓ Esoteric
All of the following are risk treatments in different frameworks except?
Ans✓✓✓ Control
All of the following are risk treatments in different frameworks except?
Ans✓✓✓ Ignore
Asset valuation is a listing or grouping of assets under an assessment.
Ans✓✓✓ False
Change management ensures that similar systems have the same, or at
least similar, configurations. Ans✓✓✓ False
Change management is a process that ensures that changes are made
only after a review process. Ans✓✓✓ True
Clear and effective security risk assessment reporting requires that the
contents of the report be perceived as (check all that apply): Ans✓✓✓
- nonthreatening
- relevant
- unambiguous
- accurate
COBIT worked with ISACA to develop ITGI. Ans✓✓✓ False