1. In which of the IT domains is a database considered a major component of risk? System/Application Domain
2. Which of the following is not a risk management technique?
Identifying risks, Assessing risks, Determining which risks will be handled and which risks will accepted, Taking steps to reduce risk to an acceptable level.
3. A CBA is an effort to_____.
A CBA compares the business impact with the cost to implement a control.
4. Which of the following is not a technique for mitigating vulnerabilities?
Alter the physical environment, Change procedures, Add fault tolerance. Modify the technical environment, Train employees
5. A DoS Attack is a threat action affecting which IT domain?
6. To which of the following does HIPPA apply?
If your organization handles health information, HIPPA applies.
7. To which of the following does FERPA apply?
FERPA applies to all schools that receive any funding from the U.S. Department of Education.
8. Which of the following standards contains eight principles specific to security?
9. Which of the following standards gives detailed descriptions of IT practices and comprehensive checklists, tasks, and procedures that can be tailored by IT organizations to fit their needs?
10. Which agency enforces the SOX?
The U.S. Securities and Exchange Commission (SEC)
11. Which of the following is not a step in the risk control process?
Identify threats and vulnerabilities, Identify asset values, Determine the impact of a risk, Determine the usefulness of a safeguard or control.
12. Which of the following is responsible for planning, budgeting, and performance of information system security?
13. Who must make trade-off decisions regarding system security?
14. Who develops appropriate training materials for risk management?
15. Which of the following is a goal of an organizations risk management?