What Do You Know About Risk Management? Quiz

12 Questions | Total Attempts: 526


Risk management is the art of minimizing the effect or occurrence of the risk, be it in an organization or a profession. As a student taking business management, what do you know when it comes to risk management? Take up this great quiz and get to learn a thing or two as you tackle it. All the best and keep revising!


Questions and Answers
  • 1. Jim is attempting to justify the security controls he wants to implement at his organization. What would be his FIRST step to convince his leadership chain?
    • A. Conduct a counter analysis
    • B. Perform a risk analysis
    • C. Perform a top-down analysis
    • D. Perform a bottom-up analysis
  • 2. Risk should not be handled in which one of the following ways?
    • A. Reduce the risk
    • B. Accept the risk
    • C. Transfer the risk
    • D. Reject the risk
  • 3. Identifying, assessing, and reducing risk to an acceptable level and maintaining the achieved level is referred to as ___________________.
    • A. Risk planning
    • B. Risk management
    • C. Security management
    • D. Operations management
  • 4. A company cannot eliminate all risk. The risk that remains is referred to as residual (or acceptable) risk, and the company must determine whether it corresponds with their acceptable level of risk. Which of the following defines residual risk?
    • A. Asset value x exposure factor
    • B. Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)
    • C. (Threats x vulnerability x asset value) x control gap
    • D. Threats x vulnerability x asset value
  • 5. Because of the varying perspectives that senior managers incorporate into their business structure (strategy), there are always different ways to accomplish the same thing. Risk analysis is no different. Qualitative Risk Analysis and Quantitative Risk Analysis are very different from one another, but both represent a way of managing risk. Which of the following actions is not a characteristic of Qualitative Risk Analysis?
    • A. Instituting an employee survey to gather results based upon their opinions
    • B. Department heads-only meeting to brainstorm ideas
    • C. Soliciting data from several departments in order to assign an accurate monetary value to an asset
    • D. Constructing and using a rating system
  • 6. Which statement describes the proper relationship of the words "threats," "exposure," and "risk"?
    • A. An exposure gives rise to a threat which exploits a risk and leads to a vulnerability
    • B. A risk causes a vulnerability that leads to a threat and causes an exposure
    • C. An exposure allows a weakness that leads to a threat creating an exposure
    • D. A threat is that a threat agent will exploit a vulnerability. The probability of this happening is the risk. Once the vulnerability is exploited there is an exposure.
  • 7. A proper risk analysis has specific steps and objectives that it needs to accomplish. Which of the following lists these items?
    • A. Identify assets and their values; identify vulnerabilities and threats; quantify the probability and business impact of these potential threats; and provide non-economical countermeasure recommendations.
    • B. Identify assets and their values; identify vulnerabilities and threats; quantify the probability and business impact of these potential threats; and provide economical countermeasure recommendations.
    • C. Identify assets; identify vulnerabilities and threats; quantify the probability and business impact of these potential threats; and provide economical countermeasure recommendations.
    • D. Identify assets and their values; identify fraud and collusions; quantify the probability and business impact of these potential threats; and provide economical countermeasure recommendations.
  • 8. What does it mean that a risk should be accepted based on cost, pain, and visibility?
    • A. A company should choose to accept a risk if it is an economical decision, it can live with the vulnerability, and it won't be viewed as irresponsible in the industry
    • B. A company should choose to accept a risk if it is an emotional decision, it can live with the vulnerability, and it won't be viewed as irresponsible in the industry
    • C. A company should choose to accept a risk if it is an economical decision, it can live with the vulnerability, and it won't be viewed as responsible in the industry
    • D. A company should choose to accept a risk if it is an economical decision, it can live with the vulnerability, and it will be viewed as irresponsible in the industry
  • 9. Who sets the acceptable risk level for an organization?
    • A. Government agencies that create regulations
    • B. Senior management
    • C. Auditors
    • D. Security analyst
  • 10. Chrissy is performing a risk analysis. To complete one step, she answers these questions: what is the value of the asset to the company, how much does it cost to maintain it, what is its role in the company, and how much would it be worth to the competition? What risk analysis step has Chrissy performed?
    • A. Assigning values to assets
    • B. Estimating loss per risk
    • C. Performing a threat analysis
    • D. Assigning the risk
  • 11. Which of the following is NOT an important aspect of an organizational security policy?
    • A. The policy should dictate business objectives
    • B. It should be developed and used to integrate security into all business functions and processes
    • C. Each iteration of the policy should be dated and under version control
    • D. It should be reviewed and modified as a company changes
  • 12. What is the purpose of an Information Risk Management policy?
    • A. It outlines the infrastructure for a company's risk management (IRM) processes and procedures
    • B. It provides direction for how the IRM team works with government agencies
    • C. It is the necessary key for properly detecting administrative, physical, and technical threats
    • D. It replaces a company's security policy because it is more expansive and far reaching