MCY 660 Module 1 Quiz 1 Risk Management_ Complete Questions and Answers (updated 2025), Quizzes of Information Technology Management

Northern Kentucky University-MCY 660 Module 1 Quiz 1 Risk Management_ Complete Questions and Answers (updated 2025); Score for this quiz: 80 out of 80.

Typology: Quizzes

2024/2025

Available from 07/11/2025

homework-fortune
Module 1: Quiz 1
Due Mar 18 at 7:59am
Points 80
Questions 80
Available until Mar 23 at 7:59am
Time Limit None
Instructions
Online Quiz
Instructions:
Please refer below for important instructions plus rules and guidelines associated with this
online quiz.
Read the questions carefully before you submit your answers/responses. Keep in mind that these
quiz questions are objective, multiple choice type questions based upon the topics covered in
Chapters 1 & 2.
Note the following points:
This is an individual assignment, and the class rules on academic honesty will be strictly enforced
& followed in case of any acts of plagiarism.
This online quiz is expected to be completed by Sunday, 23:59 USA Eastern Time on the
specified due date.
This is not a time limited assessment, and you have until the mentioned deadline (from when you
open up and access the quiz for the first time) to finish taking this quiz, plus submitting your
answers online via Canvas. However, you have only one attempt i.e. you can make only one
submission to this quiz.
Late submissions will be accepted after the due date, but a late penalty of 20% per day late will
apply to late turn ins.
No makeup assignments allowed.
This Canvas submission portal section will close after 5 days from the original due date.
No Lock Down browser is required for this quiz, and you are welcome to use the textbook, plus
other resources while taking this quiz.
Grading:
Note that all the assigned questions in this quiz are objective questions, and will be auto-graded.
Make sure that you attempt all questions, and don't leave any question unanswered.
In short, give your full effort and best answers fearlessly but honestly.
Attempt History

Attempt: Attempt 1 (LATEST)
Time: 86 minutes
Score: 80 out of 80

Correct answers will be available on Mar 23 at 8am.
Score for this quiz: 80 out of 80
Submitted Mar 17 at 2:05pm
This attempt took 86 minutes.

Question 1 (1 / 1 pts)
A new company does not have a lot of revenue for the first year. Installing antivirus software for all the company's computers would be very costly, so the owners decide to forgo purchasing antivirus software for the first year of the business. In what domain of a typical IT infrastructure is a vulnerability created?
Remote Access Domain
LAN-to-WAN Domain
Workstation Domain
WAN Domain

Question 2 (1 / 1 pts)
A(n) _________ is the likelihood that something unexpected is going to occur.
exploit
risk
threat
vulnerability

Question 3 (1 / 1 pts)
Another term for risk mitigation is:
risk assessment.
risk management.
risk evaluation.
risk reduction.

Question 4 (1 / 1 pts)

Risk identification
Risk assessment
Threat assessment

Question 9 (1 / 1 pts)
Total risk equals:
threat × vulnerability.
benefit - cost.
(benefit - cost) × asset value.
threat × vulnerability × asset value.

Question 10 (1 / 1 pts)
True or False? A cost-benefit analysis (CBA) helps determine which controls, or countermeasures, to implement.
True
False

Question 11 (1 / 1 pts)
True or False? A risk can be avoided, shared or transferred, mitigated, or accepted.
False
True

Question 12 (1 / 1 pts)
True or False? A threat is a weakness, but a vulnerability is an activity that represents a possible danger.
False
True

Question 13 (1 / 1 pts)
True or False? Balanced security satisfies everyone.
True
False

Question 14 (1 / 1 pts)
True or False? Data is a tangible asset.
False
True

Question 15 (1 / 1 pts)
True or False? Future lost revenue is a tangible asset.
False
True

Question 16 (1 / 1 pts)
True or False? If the likelihood of a risk occurring is low, the impact would be low as well.
False
True

Question 17 (1 / 1 pts)
True or False? Implemented controls should be evaluated regularly to determine whether they still provide the expected protection.
True
False

Question 18 (1 / 1 pts)
True or False? Implementing a backup plan is an example of a risk mitigation.
True
False

Question 19 (1 / 1 pts)
True or False? Implementing controls, or countermeasures, reduces vulnerabilities.
False
True

Question 20 (1 / 1 pts)

True or False? The amount spent on controls should be proportional to the risk, which is known as the principle of proportionality.
False
True

Question 27 (1 / 1 pts)
True or False? The formula for calculating residual risk is Total Risk - Controls.
True
False

Question 28 (1 / 1 pts)
True or False? The intangible value of an asset is value that can be measured by cost.
False
True

Question 29 (1 / 1 pts)
True or False? The ultimate goal in risk management is to protect the organization.
True
False

Question 30 (1 / 1 pts)
What are the elements of the security triad?
Cooperation, installation, and acquisition
Confidence, intelligence, and assessment
Coordination, implementation, and authorization
Confidentiality, integrity, and availability

Question 31 (1 / 1 pts)
What is a major type of vulnerability for the User Domain?
Natural disasters
Social engineering
Malware
Zombies

Question 32 (1 / 1 pts)
What is the practice of identifying, assessing, controlling, and mitigating risks?
Risk management
Social engineering
Risk mitigation
Vulnerability scanning

Question 33 (1 / 1 pts)
What is the primary reason to avoid risk?
The impact of the risk outweighs the benefit of the asset.
Risks are easily exploited.
Risks create vulnerabilities and threats.
Risks can destroy a business.

Question 34 (1 / 1 pts)
Which of the following is most likely to be warez?
A cyberattack
A file on your computer of a new TV episode you downloaded for free
A hardware control
An MP3 file of a song you bought from an online music service

Question 35 (1 / 1 pts)
Which of the following is not an example of an intangible value?
Cost of gaining a consumer
Software application
Customer influence
Future lost revenue

Question 36 (1 / 1 pts)
Which of the following is not a risk management step?
Identifying risks

Install a technical control on the computers to prevent the use of thumb drives.
Hold a seminar that explains to employees why the use of thumb drives in the workplace is a security hazard.

Question 41 (1 / 1 pts)
A __________ is a computer joined to a botnet.
zombie
vulnerability
robot
virus

Question 42 (1 / 1 pts)
Alice is an aspiring hacker. She wants to get information on computer and network vulnerabilities and ways to exploit applications. Which of the following is the best source?
Common Vulnerabilities and Exposures (CVE) list
Dark web
National Institute of Standards and Technology (NIST) website
United States Computer Emergency Readiness Team (US-CERT) website

Question 43 (1 / 1 pts)
All of the following terms have the same meaning, except:
internal network zone.
demilitarized zone.
perimeter zone.
buffer area.

Question 44 (1 / 1 pts)
A _____________ policy governs how patches are understood, tested, and rolled out to systems and clients.
patch mitigation
configuration management
version control
patch management

Question 45 (1 / 1 pts)
_________ are acts that are hostile to an organization.
All threats
Human threats
Unintentional threats
Intentional threats

Question 46 (1 / 1 pts)
A teenager learning about computers and programming for the first time writes a simple program meant to disrupt the function of his sister's computer. While she's with friends at the mall, the teenager enters his sister's IP address, launches the program, and waits to see what will happen. The teenager is an example of a:
DoS attacker.
DDoS attacker.
computer administrator.
script kiddie.

Question 47 (1 / 1 pts)
__________ damage for the sake of doing damage, and they often choose targets of opportunity.
Vandals
Activists
Hackers
Disgruntled employees

Question 48 (1 / 1 pts)
Hajar is a security professional for a government contractor. Her company recently hired three new employees for a special project, all of whom have a security clearance for Secret data. Rather than granting the employees access to all files and folders in the data repository, she is granting them access only to the data they need for the project. What principle is Hajar following?
Principle of least privilege
Principle of proportionality
Separation of duties principle
Principle of need to know

Question 53 (1 / 1 pts)
True or False? An intrusion detection system (IDS) is designed to detect threats, not prevent threats.
True
False

Question 54 (1 / 1 pts)
True or False? A security policy provides details of how to implement security techniques.
True
False

Question 55 (1 / 1 pts)
True or False? A server's attack surface refers to how many services can be attacked on a server.
False
True

Question 56 (1 / 1 pts)
True or False? A vulnerability may lead to a risk, although by itself it does not become a loss.
False
True

Question 57 (1 / 1 pts)
True or False? Because the United States Computer Emergency Readiness Team (US-CERT) is run within the Department of Homeland Security (DHS), US-CERT information is classified and unavailable to the public.
True
False

Question 58 (1 / 1 pts)
True or False? Companies purchase insurance to reduce the impact of threats.
True
False

Question 59 (1 / 1 pts)
True or False? Greed, anger, and a desire to do damage are common motivations for the perpetrators behind intentional threats.
False
True

Question 60 (1 / 1 pts)
True or False? In a demilitarized zone (DMZ), the firewall connected to the Internet allows access to the public-facing servers.
True
False

Question 61 (1 / 1 pts)
True or False? Ransomware is an attack in which criminals restrict access to an infected system and display messages to the user demanding payment to get access to their computer and/or files.
False
True

Question 62 (1 / 1 pts)
True or False? Related to security policies, standards describe what should be implemented and how.
False
True

Question 63 (1 / 1 pts)
True or False? The Department of Homeland Security (DHS) and its agencies focus on physical threats to national security, not cyberattacks.
False
True

Question 64 (1 / 1 pts)
True or False? The four categories of unintentional threats are environmental, human, accidents, and failures.
False

True or False? To reduce the overall attack surface of a server, all unneeded services and protocols should be removed.
True
False

Question 71 (1 / 1 pts)
True or False? When system configuration is standardized, systems are easier to troubleshoot and maintain.
True
False

Question 72 (1 / 1 pts)
What can you control about threat/vulnerability pairs?
Both the threat and the vulnerability
Neither the threat nor the vulnerability
The threat only
The vulnerability only

Question 73 (1 / 1 pts)
What is a security policy?
A method of configuration management
An access control
A method of patch management
A high-level overview of security goals

Question 74 (1 / 1 pts)
What is one source of risk reduction?
Eliminating the threat/vulnerability pair
Eliminating the threat
Reducing the impact of the loss
Increasing the rate of occurrence

Question 75 (1 / 1 pts)
What is the primary reason security professionals automate some processes?
To reduce human error
To enforce the principle of least privilege
To create security policies
To enforce the principle of need to know

Question 76 (1 / 1 pts)
When does a threat/vulnerability pair occur?
When a vulnerability exploits a threat
When an attacker exploits an unintentional threat
When a risk assessment is performed
When a threat exploits a vulnerability

Question 77 (1 / 1 pts)
Which of the following is a division of the U.S. Department of Commerce and publishes the Risk Management Framework (RMF) 800 special publications series?
MITRE Corporation
Department of Homeland Security (DHS)
United States Computer Emergency Readiness Team (US-CERT)
National Institute of Standards and Technology (NIST)

Question 78 (1 / 1 pts)
Which of the following is best described as attackers who focus on a specific target, have high levels of expertise, have almost unlimited resources, and are often sponsored by nation-states or terrorist groups?
Vandals
Advanced persistent threats (APTs)
Disgruntled employees
Saboteurs

Question 79 (1 / 1 pts)
Which of the following is not an example of unintentional threat?
A script kiddie writes and runs malware to "see what it can do."