When would it make sense to spend $$50,000 to protect an asset worth $$ 10,000?

It would never make sense to spend $$50,000 to protect an asset worth $$ 10,000.

A risk manager is contemplating risk treatment options for a particularly large risk that exceeds the organization’s stated risk tolerance. How should risk treatment proceed?

The risk manager should escalate the decision to executive management.

The risk should be divided into smaller risks.

The risk manager is empowered to make the risk treatment decision.

The risk should be put on hold.

A cybersecurity leader is recording a decision to accept a particular risk. What, if anything, should the cybersecurity leader do in regard to this accepted risk?

Queue the accepted risk to be redeliberated in one year.

Consider the risk to be accepted in perpetuity.

Convert the accepted risk to a residual risk.

Perform a risk analysis to confirm risk acceptance.

A risk manager is documenting a newly identified risk in the risk register and has identified the department head as the risk owner. The department head has instructed the risk manager to identify one of the lower level managers in the department as the risk manager. What has the department head done in this situation?

Delegated risk ownership to the lower level manager

Abdicated his risk ownership responsibility

When faced with a particularly high risk, executive management has decided to outsource the business operation associated with the risk. A legal agreement identifies that the outsourcer accepts operational risks. What becomes of the accountability associated with the risk?

Accountability remains with executive management.

Accountability is transferred to the outsourcer.

Accountability is reduced by the amount of the risk.

Accountability is transferred to the board of directors

Module 1 Quiz 2 - Risk Managemen

Authored by Elankayer Sithirasenan

Professional Development

Used 3+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

15 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A gaming software start-up company does not employ penetration testing of its software. This is an example of:

High tolerance of risk

Noncompliance

Irresponsibility

Outsourcing

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The categories of risk treatment are:

Risk avoidance, risk transfer, risk mitigation, and risk acceptance

Risk avoidance, risk transfer, and risk mitigation

Risk avoidance, risk reduction, risk transfer, risk mitigation, and risk acceptance

Risk avoidance, risk treatment, risk mitigation, and risk acceptance

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The protective measure reduces threat impact by more than 90 percent.

The asset was required for realization of $500,000 in monthly revenue.

The protective measure reduced threat probability by more than 90 percent.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A security steering committee empowered to make risk treatment decisions has chosen to accept a specific risk. What is the best course of action?

Refer the risk to a qualified external security audit firm.

Perform additional risk analysis to identify residual risk.

Reopen the risk item for reconsideration after one year.

Mark the risk item as permanently closed

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The responsibilities of a control owner include all of the following, except

Review the control.

Audit the control.

Document the control.

Maintain records for the control.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Accountability for the outcome of accepted risk is known as:

Risk acceptance

Risk transfer

Risk treatment

Risk ownership

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A risk committee has formally decided that a specific risk is to be mitigated through the enactment of a specific type of control. What has the committee done?

Risk acceptance

Risk treatment

Redefined risk tolerance

Redefined risk appetite

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

17 questions

the nature of business

Quiz

•

Professional Development

20 questions

contract law 3-elements

Quiz

•

Professional Development

10 questions

Tools of KPI

Quiz

•

Professional Development

20 questions

Module 3 unit 5 Using File System

Quiz

•

Professional Development

15 questions

Emerging Tech

Quiz

•

Professional Development

15 questions

BJT - BASICS

Quiz

•

Professional Development

18 questions

Collocation

Quiz

•

Professional Development

12 questions

Maslow's theory test

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Professional Development

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development

Module 1 Quiz 2 - Risk Managemen

A gaming software start-up company does not employ penetration testing of its software. This is an example of:

The categories of risk treatment are:

A security steering committee empowered to make risk treatment decisions has chosen to accept a specific risk. What is the best course of action?

The responsibilities of a control owner include all of the following, except

Accountability for the outcome of accepted risk is known as:

A risk committee has formally decided that a specific risk is to be mitigated through the enactment of a specific type of control. What has the committee done?

A risk committee has formally decided to mitigate a specific risk. Where should this decision be documented?

A risk manager is contemplating risk treatment options for a particularly large risk that exceeds the organization’s stated risk tolerance. How should risk treatment proceed?

A cybersecurity leader is recording a decision to accept a particular risk. What, if anything, should the cybersecurity leader do in regard to this accepted risk?

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development