1. Which of the following statements best describes risk?
The probability of loss of a valued resource
2. In which of the IT domains is a hub considered a major component of risk?
Unknown—NOT USER DOMAIN
3. How does risk management impact an organization?
Affects the survivability
4. Which of the following is not a technique for dealing with vulnerabilities?
Cost-benefit analysis
5. Which of the following statements about threats is not accurate?
Threats can be eliminated completely
6. What would you most commonly do to reduce the potential risk from a threat/vulnerability pair?
Reduce the vulnerability
7. After implementing several security controls, what should be done to ensure the controls are performing as expected?
Continuous monitoring
8. What is the most common target of perpetrators initiating an exploit?
Public-facing servers
9. Which of the following is a U.S. organization that publishes the Special Publication 800 (SP 800) series of documents?
NIST
10. What U.S. organization routinely publishes free cybersecurity-related alerts and tips, and includes the ability to subscribe to e-mail alerts for cybersecurity topics?
Unknown—NOT CVE
11. Companies are expected to understand and abide by any laws that apply to them. What is this commonly called?
Compliance
12. To which of the following would HIPAA apply?
Health insurance companies
13. What is the first step you would take when creating a HIPAA compliance plan?
Assessment
14. Which agency enforces the Sarbanes-Oxley Act (SOX)?
SEC
15. To which of the following would SOX apply?
Publicly traded companies
16. Which of the following is not one of the objectives of a risk management plan?
Eliminate risk
17. Which portion of a risk management plan explains the extent to which the plan will be organized and carried out?
Scope
18. What is scope?
Boundaries of a plan
19. Of the