RSK2601 MCQ EXAM PACK 2024

  • September 16, 2024
joycewanjiku0036
A risk management program should MOST importantly seek to: - ANS-
minimize residual risk.

The BEST way to integrate risk management into life cycle processes is
through: - ANS-change management.

when should a risk assessment be conducted - ANS-annually or
whenever there is a significant change.

risk analysis addresses - ANS-1. the value of the information asset at risk
2. risk frequency/likelihood
3. risk severity (the potential size of the risk's impact)

considered in effective risk management - ANS-the value of each information
asset
the probability or expected frequency that an event will affect an asset
the business impact of the loss incurred

risk mitigation - ANS-an alternative to risk acceptance

which three of the following are most critical to providing a true capability for
the organization to conduct meaningful risk assessment - ANS-
1. management must have the formal training, skills, and know-how to perform
professional risk assessment
2. the people leading the risk assessment are authorized to accept the
consequences of accepted or untreated risks on behalf of the organization
3. all risk assessment and management is performed according to a
predetermined formal, documented, and approved risk management
methodology

risk assessment should consider - ANS-the value of each information asset,
the dollar value of the business impact risk, as well as the expected frequency
of occurrence (likelihood) of a risk

which of the following provides the best basis for determining if a risk has
been appropriately mitigated - ANS-organizational requirements

who are responsible for information classification - ANS-information owners

which of the following should be assessed first - ANS-the maturity of the
organization's risk assessment methodology and practices should be
assessed first since the effectiveness of all risk assessment efforts is driven
by the maturity of the organization's risk assessment and risk management
capability

first step to a penetration test - ANS-mapping a network to determine points
of entry

mapping major threats to business objectives should be performed after
performing a full risk assessment - ANS-false

inadequately secured information assets and IT resources most significantly
increases - ANS-residual risk

typical (bad) risk culture: the board - ANS-lacks the knowledge and risk
vocabulary to engage in dialogue with management

typical (bad) risk culture: the CEO - ANS-seeks strategic dialogue about risk
but must rely on intuition

typical (bad) risk culture: the CFO - ANS-has a narrow and "siloed" view of risk,
often focusing on compliance and tangible assets

typical (bad) risk culture: the CRO - ANS-understands the risks but has little
influence on decision making

typical (bad) risk culture: the treasurer - ANS-uses sophisticated risk
management tools, but only for short term risk

typical (bad) risk culture: business unit - ANS-lacks the sophistication and
time to understand, much less measure, their own risks. Not authorized to
decide upon risk treatment

detected vulnerabilities must be evaluated for - ANS-threat, impact, and
corresponding cost of risk mitigation

ISO 27001 requires the organization to define the risk assessment approach
of the organization. which of the following ISO standards most specifically
addresses the risk assessment requirements of ISO 27001 - ANS-ISO 27005

The owner of a business process can best evaluate business risks that are -
ANS-specific to the owner's processes

what allows a risk management program to effectively address changes in risk
- ANS-implementing continuous monitoring processes via periodic
re-assessments of risk

which of the following are sections included within ISO 27005 "information
technology - security techniques - information security risk management"? -
ANS-context establishment (clause 7)
risk assessment (clause 8)
risk treatment (clause 9)
risk acceptance (clause 10)
risk communication (clause 11)
risk monitoring and review (clause 12)

a primary consideration in security policy development is basing the policies
on - ANS-a threat profile

which of the following are all examples of threats - ANS-an intruder accessing
the network through a port on the firewall

circumventing existing access controls
