Itt Risk Management Final Answers

  • Published : March 19, 2013
In which of the IT domains is a database considered a major component of risk?
System/Application Domain

Which of the following is not a risk management technique?
Certification

A CBA is an effort to
Compare the impact of a realized risk to the economic risk associated with managing it

Which of the following is not a technique for mitigating vulnerabilities?
Programming bugs

A DoS attack is a threat action affecting which IT domain?
LAN-WAN Domain

To which of the following does HIPAA apply?
Health insurance companies

To which of the following does FERPA apply?
Educational institutions

Which of the following standards contains eight principles specific to security?
GAISP

Which of the following standards gives detailed descriptions of IT practices and comprehensive checklists, tasks, and procedures that can be tailored by IT organizations to fit their needs?
ITIL

Which agency enforces the SOX?
SEC

Which of the following is not a step in the risk control process?
Risk identification

Which of the following is responsible for planning, budgeting, and performance of information system security?
IT management

Who must make trade-off decisions regarding system security?
System and information owners

Who develops appropriate training materials for risk management?
Security awareness personnel

Which of the following is a goal of an organization's risk management?
Ability to perform the mission

Which of the following is not a step in performing a RA?
Organizing company assets

Why is RA a good idea?
Protect assets

Which of the following is a type of RA?
Qualitative

Which of the following is not a threat?
Poor firewall configuration

What is scope?
Extent or range of view, outlook, application, operation, and effectiveness

Which of the following is a technique for identifying threats?
Review historical data

Which of the following is an example of administrative control?
Policies and procedures

Audits are part of what type of assessment?
Vulnerability

Which of the following is a technical control?
Encryption

Which of the following is a type of risk mitigation security control?
Planned controls

Risk mitigation planning starts with which of the following?
Asset inventory

Identifying the criticality of business operations is a step in which of the following processes?
BIA

Which of the following documents identifies an expected level of performance between organizations?
Service level agreements (SLA)

When reviewing R = T x V for any given scenario, and examining a previous employee (T) with a (V) of interactive accounts that are not deleted, what is an effective countermeasure?
Account management policy

Costs incurred in the reduction of risk often include what costs?
Hidden

In risk management, MAO stands for?
Maximum acceptable outage

In a BIA, the loss of immediate sales and cash flow is an example of which of the following?
Direct cost

Which of the following is the most important item when identifying recovery requirements?
RTO

Preliminary system information, system points of contact (POC), system resources, critical roles, and tables linking and identifying resources can all be found in a ?
BIA report

TRUE or FALSE: A company meets its business objectives only if it has motivated employees and satisfied customers.
False

Which of the following plans focuses on restoring and recovering IT function?
DRP

Which of the following has a key objective to identify the CBFs as well as the critical processes supporting the CBFs?
BIA

Which among the following determines the acceptable downtimes for CBFs, processes, and IT service in BIA?
MAO

Which of the following is a person who usually manages multiple BCP projects within a large organization?
BCP program manager

EMT, DAT, TRT team members work on which of the following?
BCP and BIA

Critical success factors for DRP plans are?
Management support
Knowledge and...