MIS 416 EXAM 2 questions with accurate answers
_____ monitoring results gives organizations the capability to maintain
awareness of the risk being incurred, highlight the need to revisit other
steps in the risk management process, and initiate process improvement
activities as needed. Ans✓✓✓ analyzing
A best practice for enabling a risk mitigation plan from your risk
assessment is prioritizing countermeasures.
T/F Ans✓✓✓ T
A best practice for enabling a risk mitigation plan from your risk
assessment is staying within scope.
T/F Ans✓✓✓ T
A business impact analysis (BIA) is an output of the risk assessment
process.
T/F Ans✓✓✓ F
A CBA helps determine if you should use a safeguard.
T/F Ans✓✓✓ T
,A decision is made to accept, avoid, transfer, or mitigate a risk is done in
the risk evaluation stage.
T/F Ans✓✓✓ T
A gap analysis report documents differences between what is mitigated
and what is NOT mitigated, resulting in a gap in security.
T/F Ans✓✓✓ T
A KPx is a summary of one or more KRIs.
T/F Ans✓✓✓ F
A risk ____ could be a simple listing of identified risks, some of which
are already assessed and others of which are still in the process of being
qualified
A. Assessment
B. Plan
C. Mitigation
,D. Inventory Ans✓✓✓ D
A risk assessment ends with a report.
T/F Ans✓✓✓ T
A risk assessment provides a point-in-time report.
T/F Ans✓✓✓ T
A threshold KPI is significant when an index falls into a set range.
T/F Ans✓✓✓ T
Access controls testing verifies user rights and permissions.
T/F Ans✓✓✓ T
Action plans are a necessary output of the risk assessment process so
that recommendations can be acted upon quickly once the assessment is
approved.
T/F Ans✓✓✓ T
, After you collect data on risks and recommendations, you include that
information in a report, and you give that report to management. Why do
you do this?
A. to help management assess how much of the risk was mitigated by
the proposed solution
B. to help management decide which recommendations to use
C. to avoid several time-consuming presentations about each individual
recommendation
D. to inform management of the progress of the risk management task
Ans✓✓✓ B
ALE is:
A. SLE / ARO
B. SLE x ARO
_____ monitoring results gives organizations the capability to maintain
awareness of the risk being incurred, highlight the need to revisit other
steps in the risk management process, and initiate process improvement
activities as needed. Ans✓✓✓ analyzing
A best practice for enabling a risk mitigation plan from your risk
assessment is prioritizing countermeasures.
T/F Ans✓✓✓ T
A best practice for enabling a risk mitigation plan from your risk
assessment is staying within scope.
T/F Ans✓✓✓ T
A business impact analysis (BIA) is an output of the risk assessment
process.
T/F Ans✓✓✓ F
A CBA helps determine if you should use a safeguard.
T/F Ans✓✓✓ T
,A decision is made to accept, avoid, transfer, or mitigate a risk is done in
the risk evaluation stage.
T/F Ans✓✓✓ T
A gap analysis report documents differences between what is mitigated
and what is NOT mitigated, resulting in a gap in security.
T/F Ans✓✓✓ T
A KPx is a summary of one or more KRIs.
T/F Ans✓✓✓ F
A risk ____ could be a simple listing of identified risks, some of which
are already assessed and others of which are still in the process of being
qualified
A. Assessment
B. Plan
C. Mitigation
,D. Inventory Ans✓✓✓ D
A risk assessment ends with a report.
T/F Ans✓✓✓ T
A risk assessment provides a point-in-time report.
T/F Ans✓✓✓ T
A threshold KPI is significant when an index falls into a set range.
T/F Ans✓✓✓ T
Access controls testing verifies user rights and permissions.
T/F Ans✓✓✓ T
Action plans are a necessary output of the risk assessment process so
that recommendations can be acted upon quickly once the assessment is
approved.
T/F Ans✓✓✓ T
, After you collect data on risks and recommendations, you include that
information in a report, and you give that report to management. Why do
you do this?
A. to help management assess how much of the risk was mitigated by
the proposed solution
B. to help management decide which recommendations to use
C. to avoid several time-consuming presentations about each individual
recommendation
D. to inform management of the progress of the risk management task
Ans✓✓✓ B
ALE is:
A. SLE / ARO
B. SLE x ARO
