Jefferson ESL 63 - Which of the following is the formula

Jefferson ESL 63 - Which of the following is the formula

Question # 00481885 Posted By: dr.tony Updated on: 02/10/2017 06:43 AM Due on: 02/10/2017
Subject General Questions Topic General General Questions Tutorials:
Question
Dot Image
Question 1
  1. Which of the following is the formula used to calculate the risk that remains after you apply controls?
Question 21
  1. Discuss the difference between a qualitative risk assessment and a quantitative risk assessment. When would you recommend using a quantitative risk assessment over a qualitative risk assessment?

Question 19
  1. A document used to track the progress of remediating identified risk.
    a.Risk Profile
    b.Vulnerability Assessment
    c.Risk Assessment
    d.POA&M

1 points


Question 20
  1. A method that shows a list of project tasks that must be completed on time so that the project is not delayed.
    a.Critical Path Chart
    b.Risk Management Plan
    c.Gannt Chart
    d.Milestone Plan Chart

Question 17
  1. Which of the following is not considered a method by which we would harden a server againsts attacks?
    a.Change default passwords
    b.Remove unused services
    c.Reverse engineer a patch to look for vulnerabilities
    d.Enable a firewall

1 points


Question 18
  1. This Act applies to financial oganizations
    a.GLBA
    b.FISMA
    c.Sabanes-Oxley (SOX)
    d.FERPA

Question 15
  1. This regulation applies to how institutions handle the privacy of your student records at the University.
    a.FERPA
    b.HIPAA
    c.GLBA
    d.CIPA

1 points


Question 16
  1. This Act applies to security and privacy expectations of healthcare organizations.
    a.HIPAA
    b.FISMA
    c.FERPA
    d.GLBA

Question 13
  1. A policy that has been implemented that requires two different individuals perform different functions. An example is with a Certificate Authority that issues digital certificates where one role can only identify-proof the person the requesting the certificate and issue a request, and a different person can actually issue the digital certificate.
    a.Job Rotation
    b.Separation of Duties
    c.Acceptable Use
    d.Need to Know

1 points


Question 14
  1. NIST’s Special Publication 800-30 describes what
    a.How to perform a risk assessment
    b.Certification and accreditation practices
    c.A framework of good practices
    d.Maturity levels associated with CMMI

Question 11
  1. The area inside the firewall is considered to be the
    a.User Domain
    b.Workstation Domain
    c.Secured Domain
    d.LAN Domain

1 points


Question 12
  1. If a hacker hacks in to a hospital and changes a patient’s blood type on his patient healthcare record, which of the following security services was the one that was principally violated?
    a.Confidentiality
    b.Authentication
    c.Availability
    d.Integrity

Question 9
  1. The possibility that a negative event will occur is known as a/an:
    a.risk
    b.vulnerablity
    c.exploit
    d.threat

1 points


Question 10
  1. Which of the following is an example of an intangible asset?
    a.Sales database
    b.Server software
    c.“Good will” or the branding that is associated with a well-liked product
    d.Server hardware

Question 7
  1. What are valid contents of a risk management plan?
    a.All of the above
    b.Recommendations
    c.Objectives
    d.POA&M
    e.Scope

1 points


Question 8
  1. You are a very small company that sells healthcare insurance plans. You estimate that the breach of your customer database will cost you $200,000, and that this might happen once in 5 years. A vendor wants to sell you a Data Loss Prevention (DLP) solution that would cost $50,000 per year. Which of the following is the best course of action?
    a.Spend whatever it takes to ensure that this data is safe.
    b.Spend $25,000 on cyber insurance to transfer the risk
    c.Spend the $50,000 to mitigate the risk
    d.Accept the risk,

Question 5
  1. A weak password, or a firewall that has been improperly configured, is considered a/an:
    a.threat
    b.risk
    c.exploit
    d.vulnerability

1 points


Question 6
  1. Which of the following is not a U.S. Government risk management initiative or program?
    a.DHS’ NCCIC
    b.MITRE’s CVE List
    c.ITIL
    d.US-CERT

  1. a.Total Risk=Thrat X Vulnerability X Assest Value
    b.Residual Risk = Total Risk - Controls
    c.ALE=SLExARO
    d.Risk=Threat X Vulnerability

1 points


Question 2
  1. A risk handling technique in which the organization chooses to simply do nothing, as the cost of the risk being actualized is lower than the cost of the security control, is known as
    a.Mitigation
    b.Acceptance
    c.Avoidance
    d.Transfer
Question 3
  1. Which of the following is not a source that would be used to assess an organziation’s vulnerabilities?
    a.Prior events
    b.Acutuary tables
    c.System Logs
    d.Audits

1 points


Question 4
  1. Historically, a web server attached to the public Internet has a probability of being successfully attacked .90 in each year. To which of the following quantitative elements would this most likely relate?
    a.EF
    b.ARO
    c.SLE
    d.ALE
Dot Image
Report this Question as Inappropriate
Tutorials for this Question
  1. dr.tony
    Tutorial # 00478170 Posted By: dr.tony Posted on: 02/10/2017 06:43 AM
    Puchased By: 3
    Tutorial Preview
    The solution of Jefferson ESL 63 - Which of the following is the formula...
      Get the Solution
    Attachments
    Below_are_the_following_answers_for_your_questions.docx (13.53 KB)
    Below_are_the_following_answers_for_your_questions.docx (13.53 KB)
    Recent Feedback
    Rated By Feedback Comments Rated On
    ch....ch Rating 24/7 online assistance 05/02/2018
  Get the Solution

Great! We have found the solution of this question!

Related Questions and Answers

Whatsapp Lisa