PracticeQuestionsChapter11.Whatisthecorrectapproachforaddressingsecurityandorganizationobjectives?a.Securityandorganizationobjectivesshouldbedevelopedseparately.b.Securityshoulddriveorganizationobjectives.c.Securityshouldsupportorganizationobjectives.d.Thesitesecurityofficershouldapproveorrejectorganizationobjectives.2.Thestatement,“Promoteprofessionalismamonginformationsystemsecuritypractitionersthroughtheprovisioningofprofessionalcertificationandtraining”isanexampleofa/an:a.Missionstatementb.Objectivec.Goald.Requirement3.Thetwocomponentsofriskmanagementare:a.Riskassessmentandriskanalysisb.Vulnerabilityassessmentandrisktreatmentc.Riskassessmentandriskmitigationd.Riskassessmentandrisktreatment4.Asecuritymanagerneedstoperformariskassessmentonacriticalbusinessapplicationinordertodeterminewhatadditionalcontrolsmaybeneededtoprotecttheapplicationanditsdatabases.Thebestapproachtoperformingthisriskassessmentis:a.Performaqualitativeriskassessmentonlyb.Performaquantitativeriskassessmentonlyc.Performaqualitativeriskassessmentfirst,thenperformaquantitativeriskassessmentd.Performaquantitativeriskassessment,thenperformaqualitativeriskassessment5.Aqualitativeriskassessmentisusedtoidentify:a.Vulnerabilities,threats,andcountermeasuresb.Vulnerabilities,threats,threatprobabilities,andcountermeasuresc.Assets,risks,andmitigationplansd.Vulnerabilitiesandcountermeasures6.Theimpactofaspecificthreatisdefinedas:a.Thecostofrecoveringtheassetb.Thecostrequiredtoprotecttherelatedassetc.Theeffectofthethreatifitisrealizedd.Thelossofrevenueifitisrealized7.Exposurefactorisdefinedas:a.Thepartofanasset'svaluethatislikelytobelostbyaparticularthreatb.Theprobabilitythatthethreatwillberealizedc.Theprobabilitythatalosswilloccurinayear’stimed.Thecostofasingleloss8.Asecuritymanagerisperformingaquantitativeriskassessmentonaparticularasset.Thesecuritymanagerwantstodeterminethequantitativelossforasinglelossbasedonaparticularthreat.Thecorrectwaytocalculatethisis:a.Dividetheasset’svaluebytheexposurefactor...
