Module 7: Asset and Risk Management Quiz Answers

Cybersecurity Essentials Module 7 Quiz Answers

Module 7: Asset and Risk Management Quiz Question Answers

1. An @Apollo employee has completed a six-month project to identify all data stores and catalog their location. The next step is to classify the data and produce some criteria for data sensitivity. What steps can be taken to classify the data? (Select two correct answers)

  • Identify data sensitivity
  • Treat all the data the same
  • Determine how often data is backed up
  • Establish the owner of the data
  • Determine permissions for the data
  • Determine the user of the data

Explanation: Categorizing data is a process of determining first who owns the data then determining the sensitivity of the data.

2. @Apollo hires a new security officer. One of the officer’s first projects is to take an inventory of the company assets and create a comprehensive database. What information should be captured in the asset database? (Select three correct answers)

  • Users
  • Operating systems
  • Workstations
  • Groups
  • Passwords
  • Hardware network devices

Explanation: Assets include all hardware devices and their operating systems.

3. An employee is asked to evaluate the security posture of @Apollo. They look at past attempts to break into the company and evaluates the threats and exposures to create a report, which also takes into consideration what is most important for @Apollo. What type of risk analysis are they performing?

  • Qualitative
  • Quantitative
  • Opinion
  • Exposure factor

4. You are asked to perform a risk analysis of an organization. You request the organization’s asset database that contains a list of all equipment along with its value to the organization. Which type of risk analysis could you perform based on this information?

  • Qualitative
  • Quantitative
  • Hardware
  • Exposure factor

Explanation: A qualitative or quantitative risk analysis is used to identify and prioritize threats to the organization.

5. What will an organization evaluate when performing a qualitative risk analysis? (Select two correct answers)

  • The annual rate of occurrence
  • The impact of a threat
  • The exposure factor
  • The likelihood of a threat
  • The replacement cost of the asset

Explanation: Qualitative risk analysis uses opinions and scenarios plotting the likelihood of a threat against its impact. For example, a server failure may be likely, but its impact may only be marginal.

6. Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?

  • ARO
  • SLE
  • SRO
  • ALE

7. @Apollo performs a risk analysis for its storage area network. The total asset value is $250,000. The team has identified drive failure as one threat event. The manufacturer’s data and company records provide the following data: EF = 5% and ARO = 2. What is the SLE?

  • $12,500
  • $25,000
  • $50,000
  • $100,000

8. You have implemented policies and procedures in your organization that deal with how sensitive information needs to be handled. What control type did you implement?

  • Administrative controls
  • Physical controls
  • Technical controls
  • Logical controls

Explanation: Administrative controls consist of procedures and policies that an organization puts into place when dealing with sensitive information. These controls determine how people act.

9. Matching. Select from lists and then submit.
Part of asset management is the understanding of an asset’s lifecycle. Put the five states of the asset lifecycle in the correct order.

  • 1 – Procurement
  • 2 – Deployment
  • 3 – Utilization
  • 4 – Maintenance
  • 5 – Disposal

10. An organization takes responsible steps to eliminate risk. Some risks still exist, but the team implements multiple controls to prevent potential loss. What term best describes this practice?

  • Due care
  • Negligence avoidance
  • Due diligence
  • Risk mitigation

Explanation: Exercising due diligence involves taking reasonable steps to eliminate risk. Some risks still exist, but multiple controls are implemented to prevent potential loss.

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x