Close

Domain One: Risk Management

When an organization has very little history of previous attacks or is uncertain of the impact or likelihood of risk scenarios, which is a better risk assessment approach?

a. Quantitative
b. Hybrid
c. Failure Modes and Effects (FMEA)
d. Qualitative

Answer

Answer D – A qualitative approach uses the expert input of all stakeholders to rank the level (degree) of impact an incident would have on the business - often through a Delphi method of data gathering.

What is the primary deliverable of a risk analysis effort?

a. Risk Register
b. Risk Assessment Report
c. Business Impact Analysis
d. Risk mitigation strategy

Answer

Answer B - The primary deliverable of a risk assessment should be a risk assessment report. This report outlines the identified risk, the severity of the risk, and suggestions for risk response. This information will guide the risk response effort in the next phase of risk management.

Jason has to decide the best way to respond to an identified risk to a critical product or service. What is the best alternative if the cost of reducing the risk would exceed the benefit obtained?

a. Risk Avoidance
b. Risk Transference
c. Risk Acceptance
d. Risk Reduction

Answer

Answer B - The primary deliverable of a risk assessment should be a risk assessment report. This report outlines the identified risk, the severity of the risk, and suggestions for risk response. This information will guide the risk response effort in the next phase of risk management.

Domain Two - Security Management

1) What is the role of the Information Owner?

a. Ensure the protection of data they own at all times, on all systems
b. Protect information in their department
c. Safeguard information on the systems they own
d. Determine the correct way to back-up their information

Answer

Answer A – the role of the information owner is to be responsible for the protection of information at all points during the information lifecycle – from the time the information is first received, through all the processing, storage and communication of the information until the time when the information is discarded.

3) What is the best treatment for the problem of social engineering?

a. Strict disciplinary policy
b. Awareness training
c. Prompt investigation of all incidents
d. Follow-up and evaluation of policy

Answer

Answer B – awareness training may be the only effective way to treat the problem of social engineering. There is no technical solution that will address the threat of social engineering properly.

2) What is the role of Senior Management?

a. Set out the proper procedures for handling information
b. Determine the appropriate baseline controls for systems components
c. Be ultimately accountable for information security
d. Lead any investigations into security breaches

Answer

Answer C – Senior management is ultimately accountable for all the assets of the organization including the information security program.

SUPPORT

Please Note:

The support ticket system is for technical questions and post-sale issues.

 

If you have pre-sale questions please use our chat feature or email [email protected] .

Cybersecurity Certifications for Today's INFOSEC Careers

Mile2 Cybersecurity Certifications is a world-leader in providing accredited education, training, and certifications for INFOSEC professionals. We strive to deliver the best course ware, the strongest Cyber Range, and the most user-friendly exam system in the market.

 

Our training courses follow our role-based Certification Roadmap. Plus, many of our classes include hands-on skill development in our Cyber Range.  We train students in penetration testing,disaster recovery, incident handling, and network forensics.  Additionally, our Information Assurance training certification meets military, government, private sector and institutional specifications.  

 

Accreditations

We've developed training for...

Canada Army Navy Airforce

The Canadian Department of National Defense

USAF

The United States Air Force

Defense Logistics Agency

A United States Counterintelligence Agency

Texas Workforce Commission

Texas Workforce Commission