Cybersecurity Essentials Module 7 Quiz Answers
Module 7: Asset and Risk Management Quiz Question Answers
1. An @Apollo employee has completed a six-month project to identify all data stores and catalog their location. The next step is to classify the data and produce some criteria for data sensitivity. What steps can be taken to classify the data? (Select two correct answers)
- Identify data sensitivity
- Treat all the data the same
- Determine how often data is backed up
- Establish the owner of the data
- Determine permissions for the data
- Determine the user of the data
2. @Apollo hires a new security officer. One of the officer’s first projects is to take an inventory of the company assets and create a comprehensive database. What information should be captured in the asset database? (Select three correct answers)
- Operating systems
- Hardware network devices
3. An employee is asked to evaluate the security posture of @Apollo. They look at past attempts to break into the company and evaluate the threats and exposures to create a report, which also takes into consideration what is most important for @Apollo. What type of risk analysis are they performing?
- Exposure factor
4. You are asked to perform a risk analysis of an organization. You request the organization’s asset database that contains a list of all equipment along with its value to the organization. Which type of risk analysis could you perform based on this information?
- Exposure factor
5. What will an organization evaluate when performing a qualitative risk analysis? (Select two correct answers)
- The annual rate of occurrence
- The impact of a threat
- The exposure factor
- The likelihood of a threat
- The replacement cost of the asset
6. Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?
7. @Apollo performs a risk analysis for its storage area network. The total asset value is $250,000. The team has identified drive failure as one threat event. The manufacturer’s data and company records provide the following data: EF = 5% and ARO = 2. What is the SLE?
8. You have implemented policies and procedures in your organization that deal with how sensitive information needs to be handled. What control type did you implement?
- Administrative controls
- Physical controls
- Technical controls
- Logical controls
9. Matching. Part of asset management is the understanding of an asset’s lifecycle. Put the five states of the asset lifecycle in the correct order.
- 1 – Procurement
- 2 – Deployment
- 3 – Utilization
- 4 – Maintenance
- 5 – Disposal
10. An organization takes responsible steps to eliminate risk. Some risks still exist, but the team implements multiple controls to prevent potential loss. What term best describes this practice?
- Due care
- Negligence avoidance
- Due diligence
- Risk mitigation