Free Practice Questions
1. Question
Which best describes a quantitative risk analysis?
A quantitative risk analysis assigns monetary values and percentages to the different components within the assessment. Qualitative analysis uses the opinions of individuals and a rating system to gauge the severity level of different threats and the benefits of specific countermeasures.
2. Question
Why is a truly quantitative risk analysis not possible to achieve?
During a risk analysis, the team is trying to properly predict the future and all the risks that the future may bring. It is somewhat of a subjective exercise and requires educated guessing. It is very hard to properly predict that a flood will take place once in ten years and cost a company up to $40,000 in damages, but this is what a quantitative analysis tries to accomplish.
3. Question
What is COBIT and where does it fit into the development of information security systems and security programs?
The Control Objectives for Information and related Technology (COBIT) is a framework developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and ensure IT maps to business needs.
4. Question
What is the ISO/IEC 27799 standard?
It is referred to as health informatics, and its purpose is to provide guidance to health organizations and other holders of personal health information on how to protect such information through the implementation of ISO/IEC 27002.
5. Question
OCTAVE, NIST SP 800-30, and AS/NZS ISO 31000 are different approaches to risk management within businesses and organizations. What are the differences between these approaches?
NIST SP 800-30, Revision 1, “Guide for Conducting Risk Assessments,” is a U.S. federal standard that is focused on IT risks. OCTAVE is a methodology to set up a risk management program within an organizational structure. AS/NZS ISO 31000 takes a much broader approach to risk management. This methodology can be used to understand a company’s financial, capital, human safety, and business decisions risks. Although it can be used to analyze security risks, it was not created specifically for this purpose.
6. Question
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on it that reads “Room 1.” This sign was placed on the door in the hope that people would not look for important servers in this room. Realizing this is not optimal security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. The company has also hardened the server’s configuration and employed strict operating system access controls. The fact that the server has been in an unlocked room marked “Room 1” for the last few years means the company was practicing which of the following?
Security through obscurity is not implementing true security controls, but rather attempting to hide the fact that an asset is vulnerable in the hope that an attacker will not notice. Security through obscurity is an approach to try to fool a potential attacker, which is a poor way of practicing security. Vulnerabilities should be identified and fixed, not hidden.
7. Question
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on it that reads “Room 1.” This sign was placed on the door in the hope that people would not look for important servers in this room. Realizing this is not optimal security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. The company has also hardened the server’s configuration and employed strict operating system access controls. The new reinforced lock and cage serve as which of the following?
Physical controls are security mechanisms in the physical world, such as locks, fences, doors, computer cages, etc. There are three main control types, which are administrative, technical, and physical.
8. Question
A server that houses sensitive data has been stored in an unlocked room for the last few years at Company A. The door to the room has a sign on it that reads “Room 1.” This sign was placed on the door in the hope that people would not look for important servers in this room. Realizing this is not optimal security, the company has decided to install a reinforced lock and server cage for the server and remove the sign. The company has also hardened the server’s configuration and employed strict operating system access controls. The operating system access controls comprise which of the following?
Logical (or technical) controls are security mechanisms, as in firewalls, encryption, software permissions, and authentication devices. They are commonly used in tandem with physical and administrative controls to provide a defense-in-depth approach to security.
9. Question
A company has an e-commerce website that generates 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for the website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. How much does the firewall save the company in losses?
$62,000 is the correct answer. The firewall reduced the annualized loss expectancy (ALE) from $92,000 to $30,000 for a savings of $62,000. The formula for ALE is single loss expectancy × annualized rate of occurrence = ALE. Subtracting the ALE value after the firewall is implemented from the value before it was implemented results in the potential loss savings this type of control provides.
10. Question
A company has an e-commerce website that generates 60 percent of its annual revenue. Under the current circumstances, the annualized loss expectancy for the website against the threat of attack is $92,000. After implementing a new application-layer firewall, the new annualized loss expectancy would be $30,000. The firewall costs $65,000 per year to implement and maintain. What is the value of the firewall to the company?
–$3,000 is the correct answer. The firewall saves $62,000 but costs $65,000 per year. 62,000 – 65,000 = –3,000. The firewall actually costs the company more than the original expected loss, and thus the value to the company is a negative number. The formula for this calculation is (ALE before the control is implemented) – (ALE after the control is implemented) – (annual cost of control) = value of control.