Issc 363 Quiz1
Computers and Technology
Submitted By jmh01
1. Which of the following statements best describes risk?
The probability of loss of a valued resource
2. In which of the IT domains is a hub considered a major component of risk?
Unknown—NOT USER DOMAIN
3. How does risk management impact an organization?
Affects the survivability
4. Which of the following is not a technique for dealing with vulnerabilities?
5. Which of the following statements about threats is not accurate?
Threats can be eliminated completely
6. What would you most commonly do to reduce the potential risk from a threat/vulnerability pair?
Reduce the vulnerability
7. After implementing several security controls, what should be done to ensure the controls are performing as expected?
8. What is the most common target of perpetrators initiating an exploit?
9. Which of the following is a U.S. organization that publishes the Special Publication 800 (SP 800) series of documents?
10. What U.S. organization routinely publishes free cybersecurity-related alerts and tips, and includes the ability to subscribe to e-mail alerts for cybersecurity topics?
11. Companies are expected to understand and abide by any laws that apply to them. What is this commonly called?
12. To which of the following would HIPAA apply?
Health insurance companies
13. What is the first step you would take when creating a HIPAA compliance plan?
14. Which agency enforces the Sarbanes-Oxley Act (SOX)?
15. To which of the following would SOX apply?
Publicly traded companies
16. Which of the following is not one of the objectives of a risk management plan?
17. Which portion of a risk management plan explains the extent to which the plan will be organized and carried out?
18. What is scope?
Boundaries of a plan
19. Of the…...