ISSC 363 Week 4 Exam Answers 2018 (American Public University)

$14.99
ISSC 363 Week 4 Exam Answers 2018 (American Public University)

ISSC 363 Week 4 Exam Answers 2018 (American Public University)

  1. Why is a risk assessment valuable for an organization?
  2. Which of the following statements regarding a risk assessment (RA) is true?

  3. What type of risk assessment uses a subjective method to assess a risk?

  4. What type of risk assessment uses terms such as ALE, SLE, and ARO?

  5. A company issues laptop computers to 100 employees. The value of each laptop including hardware, software, and data is $1,000. On average, employees lose one laptop a month. Management determines that it can purchase hardware locks for a total of $1,000 and reduce the number of lost laptops to one per year. Should they purchase the locks?

  6. Which of the following is not a step within a risk assessment?

  7. What is a primary concern when evaluating operational characteristics?

  8. During a risk assessment, you determine that a critical business function must be operational at any given time. If it fails, operations must continue at an alternate location within the shortest period of time. What will meet this requirement?

  9. Which of the following methods are not included in a typical vulnerability assessment?

  10. Which of the following is a common tool used for vulnerability assessments?

  11. Job rotation helps employees build skills in different areas of a company. What is a security-related goal of job rotation?

  12. Of the following, what are two primary methods of protecting data?

  13. Which among the following is an asset that needs to be protected?

  14. What methods are used to retrieve meaningful data from very large databases?

  15.  

    What includes the details needed to recover a system from a disaster?

  16.  

    Of the following choices, what is the primary method used to identify and evaluate potential threats?

  17.  

    Which of the following is a technique for identifying threats?

  18.  

    What is a targeted phishing attempt that looks like it is coming from someone within a company?

  19.  

    What principle specifies that users are granted only the rights that they need to perform their job?

  20.  

    What principle specifies that users have access only to the data they need?