A General Approach to Risk Management Coursera Quiz Answers

Every organization uses its information to support its business operations. When there are threats in the internal and external environments, they create the risk of information loss or damage. This course examines the design and construction of a risk management program, including policies and plans, to support the identification and treatment of risk to the organization’s information assets.

Week 2: Building the Risk Management Effort

Quiz 1: Structuring the Risk Management Planning Team

Q1. A properly organized risk management development project will involve _____.

  • one specialized team of experts
  • two teams, the framework team and the process team
  • two teams, the build team and the analysis team
  • three teams, the build team, the process team, and the analysis team

Q2. In organizations where risk management was never formally done the framework team usually starts by _____.

  • structuring the process team
  • collecting risk management reports
  • selecting a methodology
  • performing continuous improvement reviews

Q3. When assembling the framework team, which of the following is correct?

  • Assign individuals from the cybersecurity unit.
  • Assign individuals from the information technology unit.
  • Assign individuals from business operational units.
  • All of the above are correct.

Quiz 2: Establishing Risk Appetite

Q1. A fundamental premise in Cybersecurity is that with enough effort you can get risk to zero.

  • True
  • False

Q2. _____ is the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

  • Inherent risk
  • Risk appetite
  • Analytic risk
  • Residual risk

Q3. The aggregation of risk _____ becomes the risk appetite for the organization.

  • estimates
  • elements
  • residuals
  • thresholds

Quiz 3: Developing the Risk Management Policy

Q1. The goals and objectives from senior management are used to first create the risk management _____ and eventually the RM plan.

  • budget
  • architecture
  • schedule
  • policy

Q2. The risk management policy, much like the enterprise information security policy, is a(n) _____ document that formalizes much of the intent of the governance group.

  • strategic
  • operational
  • tactical

Q3. Which of these is NOT an element of risk management policy?

  • Purpose and Scope
  • Roles and Responsibilities
  • Asset Inventories
  • Intent and Objectives

Quiz 4: Developing the Risk Management Plan

Q1. The risk management (RM) plan contains a _____ set of the steps to perform in the conduct of both the RM framework and the RM process, along with supporting information on who performs each step and how.

  • summarized
  • strategic
  • macroscopic
  • detailed

Q2. The RM Plan should begin with _____.

  • an explanation of what risk management is
  • the risk appetite statement
  • a description of the risk management methodology
  • the risk management schedule

Q3. When it is complete, the risk management plan is reproduced and distributed to every employee in the organization.

  • True
  • False

Quiz 5: On Building the Risk Management Effort

Q1. In organizations where risk management was never formally done the framework team usually starts by _____.

  • structuring the process team
  • collecting risk management reports
  • selecting a methodology
  • performing continuous improvement reviews

Q2. _____ is the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

  • Inherent risk
  • Risk appetite
  • Analytic risk
  • Residual risk

Q3. The aggregation of risk _____ becomes the risk appetite for the organization.

  • estimates
  • elements
  • residuals
  • thresholds

Q4. A fundamental premise in Cybersecurity is that with enough effort you can get risk to zero.

  • True
  • False

Q5. The goals and objectives from senior management are used to first create the risk management _____ and eventually the RM plan.

  • budget
  • architecture
  • schedule
  • policy

Q6. The risk management policy, much like the enterprise information security policy, is a(n) _____ document that formalizes much of the intent of the governance group.

  • strategic
  • operational
  • tactical

Q7. Which of these is NOT an element of risk management policy?

  • Purpose and Scope
  • Roles and Responsibilities
  • Asset Inventories
  • Intent and Objectives

Q8. The document that contains the details of the implementation and conduct of the RM efforts is referred to as the risk management _____.

  • process
  • strategy
  • plan
  • policy

Q9. The risk management (RM) plan contains a _____ set of the steps to perform in the conduct of both the RM framework and the RM process, along with supporting information on who performs each step and how.

  • summarized
  • strategic
  • macroscopic
  • detailed

Q10. When it is complete, the risk management plan is reproduced and distributed to every employee in the organization.

  • True
  • False

Week 3: Planning for Risk Management

Quiz 1: Evaluating Risk Management Methodologies

Q1. At this time, there are _____ formal methods for evaluating risk management methodologies.

  • many
  • only two
  • no
  • only a few

Q2. The size and the _____ of the organization will influence which methodology is chosen.

  • level of maturity
  • level of IT complexity
  • organization’s mission and purpose
  • all of the other answers given here are correct

Q3. The International Organization for Standardization or ISO has two standards focusing on risk management. Which of these is NOT one of those standards?

  • ISO 27001
  • ISO 31000
  • ISO 27005

Quiz 2: Building the RM Framework, Part 1

Q1. Governance is the oversight responsibility of the organization’s first-line management and team supervisors.

  • True
  • False

Q2. The entire risk management program begins with _____.

  • collecting risk assessment from company assets
  • a formal acknowledgement by the organization’s governance group
  • selecting a formal risk management methodology
  • defining external security threats

Q3. Every organization follows a single standard risk management approach to make sure that they get what works best.

  • True
  • False

Quiz 3: Building the RM Framework, Part 2

Q1. The organization may use a _____ in which only a piece of the RM process is initially implemented, such as the risk identification phase.

  • phased approach
  • pilot test
  • direct cutover
  • direct phaseout

Q2. Performance measures are often used to collect data about the RM process and determine its success or failure.

  • True
  • False

Q3. The direct cutover is an approach to building a formal program to continuously review and improve any type of organizational effort.

  • True
  • False

Quiz 4: Designing and Building the RM Process

Q1. Designing the risk management program means defining and specifying the detailed tasks to be performed by only the framework team.

  • True
  • False

Q2. Evaluating the risk to the organization’s key assets includes:

  • Identifying individual risk tolerances for each information asset.
  • Combining or synthesizing these individual risk tolerances into a coherent risk appetite statement.
  • Both of the above are included.
  • Neither of the above are included.

Q3. The four basic strategies to treat the risks for those assets include all of the following EXCEPT:

  • Mitigation
  • Transference
  • Acceptance
  • Endorsement

Quiz 5: Wrap up for Planning for Risk Management

Q1. The size and the _____ of the organization will influence which methodology is chosen.

  • level of maturity
  • level of IT complexity
  • organization’s mission and purpose
  • all of the other answers given here are correct

Q2. The International Organization for Standardization or ISO has two standards focusing on risk management. Which of these is NOT one of those standards?

  • ISO 31000
  • ISO 27001
  • ISO 27005

Q3. The weighted table analysis relies on extremely complex mathematical functions.

  • True
  • False

Q4. Governance is the oversight responsibility of the organization’s first-line management and team supervisors.

  • True
  • False

Q5. The implementation of the RM process could be based on one of the following traditional IT implementation methods EXCEPT:

  • desk check
  • pilot test
  • direct phaseout
  • phased approach

Q6. The organization may use a _____ in which only a piece of the RM process is initially implemented, such as the risk identification phase.

  • phased approach
  • pilot test
  • direct cutover
  • direct phaseout

Q7. The direct cutover is an approach to building a formal program to continuously review and improve any type of organizational effort.

  • True
  • False

Q8. Evaluating the risk to the organization’s key assets includes:

  • Identifying individual risk tolerances for each information asset.
  • Combining or synthesizing these individual risk tolerances into a coherent risk appetite statement.
  • Both of the above are included.
  • Neither of the above are included.

Q9. The four basic strategies to treat the risks for those assets include all of the following EXCEPT:

  • Mitigation
  • Transference
  • Acceptance
  • Endorsement

Q10. Designing the risk management program means defining and specifying the detailed tasks to be performed by only the framework team.

  • True
  • False

Week 4: Conducting the RM Process

Quiz 1: Preparation and Risk Identification: Asset Inventory

Q1. Risk identification begins with a process of self-examination, and the first step must be to _____.

  • classify the organization’s information assets
  • identify the organization’s information assets
  • categorize the organization’s information assets into useful groups
  • prioritize the organization’s information assets by overall importance

Q2. The risk identification process begins with the prioritization of the information assets.

  • True
  • False

Q3. The more manageable approach to risk identification is to define an information asset as either media or “the sets, databases and other collections of data or information”.

  • True
  • False

Quiz 2: Risk Identification: Information Asset Classification, Categorization, Valuation, and Prioritization

Q1. The asset inventory should also identify the _____.

  • sensitivity
  • security priority
  • both of the first two answers are correct
  • neither of the first two answers are correct

Q2. A data classification scheme should be developed (or reviewed, if already in place) that _____

  • excludes all sensitive data with low security needs
  • includes only sensitive data with high security needs
  • classifies information assets based on their sensitivity and security needs
  • includes only sensitive data without regard to the level of security needs

Q3. At the end of the risk identification process, an organization should have _____.

  • a prioritized list of assets and a general list of threats that face the organization’s assets
  • a prioritized list of assets and a prioritized list of threats that face the organization’s assets
  • a general list of assets and a general list of threats that face the organization’s assets
  • a general list of assets and a prioritized list of threats that face the organization’s assets

Quiz 3: Risk Analysis – Likelihood and Impact

Q1. Risk _____ assigns a risk rating or score to each specific vulnerability.

  • assessment
  • evaluation
  • analysis
  • judgment

Q2. Likelihood as used in risk management is _____.

  • the probability that a specific vulnerability will be exploited or attacked
  • the chance that a technical control will fail
  • the average number of times a system will fail
  • how much opportunity a control has to succeed

Q3. When valuing an asset, an approach that chooses from options of “Very Valuable”, “Valuable”, or “Not Valuable” would be considered as a _____ approach.

  • quantitative
  • qualitative
  • quantum
  • intangible

Quiz 4: Risk Evaluation

Q1. _____ is simply the comparison of the risk ratings to the organization’s risk appetite.

  • Risk identification
  • Risk evaluation
  • Risk treatment
  • Risk control

Q2. Each organization must establish a default risk threshold value based on their risk appetite statement.

  • True
  • False

Q3. Assets with vulnerabilities with assessed risk levels that are above the established risk threshold settings do not have to be addressed by the organization.

  • True
  • False

Quiz 5: Wrap-up for Conducting the RM Process

Q1. The risk identification process begins with the prioritization of the information assets.

  • True
  • False

Q2. The more manageable approach to risk identification is to define an information asset as either media or “the sets, databases and other collections of data or information”.

  • True
  • False

Q3. Very few organizations use asset inventory systems to keep track of their information assets.

  • True
  • False

Q4. A data classification scheme should be developed (or reviewed, if already in place) that _____

  • excludes all sensitive data with low security needs
  • includes only sensitive data with high security needs
  • classifies information assets based on their sensitivity and security needs
  • includes only sensitive data without regard to the level of security needs

Q5. At the end of the risk identification process, an organization should have _____.

  • a prioritized list of assets and a general list of threats that face the organization’s assets
  • a prioritized list of assets and a prioritized list of threats that face the organization’s assets
  • a general list of assets and a general list of threats that face the organization’s assets
  • a general list of assets and a prioritized list of threats that face the organization’s assets

Q6. For most organizations, a simple classification scheme of public, internal, and confidential is usually sufficient.

  • True
  • False

Q7. Risk _____ assigns a risk rating or score to each specific vulnerability.

  • assessment
  • evaluation
  • analysis
  • judgment

Q8. When valuing an asset, an approach that chooses from options of “Very Valuable”, “Valuable”, or “Not Valuable” would be considered as a _____ approach.

  • quantitative
  • qualitative
  • quantum
  • intangible

Q9. _____ is simply the comparison of the risk ratings to the organization’s risk appetite.

  • Risk identification
  • Risk evaluation
  • Risk treatment
  • Risk control

Q10. Risk entanglement comes from the observation that solutions for one information asset never positively or negatively affect the level of risk in other information assets.

  • True
  • False

Week 5: Conducting the RM Process: Risk Treatment

Quiz 1: An Overview of Risk Treatment

Q1. Applying controls and safeguards that eliminate or reduce the remaining uncontrolled risk is the strategy known as _____.

  • mitigation
  • transference
  • acceptance
  • termination

Q2. Understanding the consequences of choosing to leave an information asset’s vulnerability facing the current level of risk, but only after a formal evaluation and intentional acknowledgment of this decision is the strategy known as _____.

  • mitigation
  • transference
  • acceptance
  • termination

Q3. The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data is called _____.

  • maximum tolerable downtime (MTD)
  • recovery point objective (RPO)
  • recovery time objective (RTO)
  • work recovery time (WRT)

Quiz 2: Risk Treatment: Mitigation & Transference

Q1. The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q2. Outsourcing is a risk free way to achieve risk transference.

  • True
  • False

Q3. The common approaches given here to implement the mitigation risk treatment strategy include all of these EXCEPT:

  • Application of policy
  • Application of technology
  • Application of security education, training, and awareness (SETA) programs
  • All of these are common approaches

Quiz 3: Risk Treatment: Avoidance & Acceptance

Q1. The risk treatment strategy that is based on the organization’s intentional choice not to protect an asset is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q2. The risk treatment strategy that is the decision to do nothing beyond the current level of protection to shield an information asset from risk and to accept the outcome from any resulting exploitation is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q3. It is an acceptable response for an organization to plead ignorance and thus abdicate its legal responsibility to protect employees’ and customers’ information.

  • True
  • False

Quiz 4: Implementing Risk Treatment Strategies

Q1. The goal of Cybersecurity is not to bring residual risk to zero; rather, it is to _____.

  • reduce risk to 10% of its initial value
  • bring residual risk in line with an organization’s risk appetite
  • bring residual risk in line with industry standards
  • bring residual risk in line with an organization’s risk boundary

Q2. After an information system is designed, the organization must determine whether the system has _____ that can be exploited

  • vulnerabilities
  • capabilities
  • features
  • utilities

Q3. When a vulnerability (flaw or weakness) exists in an important asset—Implement security controls to increase the likelihood of a vulnerability being exploited.

  • True
  • False

Quiz 5: Wrap up for Conducting the RM Process: Risk Treatment

Q1. Understanding the consequences of choosing to leave an information asset’s vulnerability facing the current level of risk, but only after a formal evaluation and intentional acknowledgment of this decision is the strategy known as _____.

  • mitigation
  • transference
  • acceptance
  • termination

Q2. _____ is a preparatory activity common to both CP and risk management. It helps the organization determine which business functions and information systems are the most critical to the success of the organization.

  • The Business Impact Analysis (BIA)
  • An Incident Response Plan
  • A Disaster Recovery Plan
  • A Risk Rating Worksheet

Q3. The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data is called _____.

  • maximum tolerable downtime (MTD)
  • recovery point objective (RPO)
  • recovery time objective (RTO)
  • work recovery time (WRT)

Q4. The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q5. The risk treatment strategy that attempts to shift risk to other assets, processes, or organizations that may be accomplished by rethinking how services are offered, revising deployment models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q6. Outsourcing is a risk free way to achieve risk transference.

  • True
  • False

Q7. Sometimes, the cost of protecting an asset outweighs its value and it may be too difficult or expensive to protect an asset.

  • True
  • False

Q8. After an information system is designed, the organization must determine whether the system has _____ that can be exploited

  • vulnerabilities
  • capabilities
  • features
  • utilities

Q9. To calculate a cost-benefit analysis on new controls, begin with _____ for which we would like to implement new controls.

  • estimating the cost to deploy the new control(s)
  • estimating the improvement in expected losses from using the new control(s)
  • calculating the uncertainty factor
  • calculating the value of an information asset

Q10. When a vulnerability (flaw or weakness) exists in an important asset—Implement security controls to increase the likelihood of a vulnerability being exploited.

  • True
  • False

Week 6: Course wrap-up for A General Approach to Risk Management

Quiz: Final Course Assessment

Q1. A properly organized risk management development project will involve _____.

  • one specialized team of experts
  • two teams, the framework team and the process team
  • two teams, the build team and the analysis team
  • three teams, the build team, the process team, and the analysis team

Q2. In organizations where risk management was never formally done the framework team usually starts by _____.

  • structuring the process team
  • collecting risk management reports
  • selecting a methodology
  • performing continuous improvement reviews

Q3. When assembling the framework team, which of the following are correct?

  • Assign individuals from the cybersecurity unit.
  • Assign individuals from the information technology unit.
  • Assign individuals from business operational units.
  • All of the above are correct.

Q4. _____ is the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility.

  • Inherent risk
  • Risk appetite
  • Analytic risk
  • Residual risk

Q5. The aggregation of risk _____ becomes the risk appetite for the organization.

  • estimates
  • elements
  • residuals
  • thresholds

Q6. A fundamental premise in Cybersecurity is that with enough effort you can get risk to zero.

  • True
  • False

Q7. The goals and objectives from senior management are used to first create the risk management _____ and eventually the risk management plan.

  • budget
  • architecture
  • schedule
  • policy

Q8. Which of these is NOT an element of a well-prepared risk management policy?

  • Purpose and Scope
  • Roles and Responsibilities
  • Asset Inventories
  • Intent and Objectives

Q9. The document that contains the details of the implementation and conduct of the risk management efforts is referred to as the risk management _____.

  • process
  • strategy
  • plan
  • policy

Q10. The risk management (RM) plan contains a _____ set of the steps to perform in the conduct of both the RM framework and the RM process, along with supporting information on who performs each step and how.

  • summarized
  • strategic
  • macroscopic
  • detailed

Q11. The risk management plan should begin with _____.

  • an explanation of what risk management is
  • the risk appetite statement
  • a description of the risk management methodology
  • the risk management schedule

Q12. When it is complete, the risk management plan is reproduced and distributed to every employee in the organization.

  • True
  • False

Q13. At this time, there are _____ formal methods for evaluating risk management methodologies.

  • many
  • no
  • only a few
  • only two

Q14. The International Organization for Standardization or ISO has two standards focusing on risk management. Which of these is NOT one of those standards?

  • ISO 31000
  • ISO 27001
  • ISO 27005

Q15. The entire risk management program begins with _____.

  • collecting risk assessment from company assets
  • a formal acknowledgement by the organization’s governance group
  • selecting a formal risk management methodology
  • defining external security threats

Q16. Every organization follows a standard risk management approach to make sure that they get what works best.

  • True
  • False

Q17. The implementation of the risk management process could be based on one of the following traditional IT implementation methods EXCEPT:

  • desk check
  • pilot test
  • direct phaseout
  • phased approach

Q18. The organization may use a _____ in which only a piece of the risk management process is initially implemented, such as the risk identification phase.

  • phased approach
  • pilot test
  • direct cutover
  • direct phaseout

Q19. The four basic strategies to treat the risks for those assets include all of the following EXCEPT:

  • Mitigation
  • Transference
  • Acceptance
  • Endorsement

Q20. Risk identification begins with a process of self-examination, and the first step must be to _____.

  • classify the organization’s information assets
  • identify the organization’s information assets
  • categorize the organization’s information assets into useful groups
  • prioritize the organization’s information assets by overall importance

Q21. The risk identification process begins with the prioritization of the information assets.

  • True
  • False

Q22. The more manageable approach to risk identification is to define an information asset as either media or “the sets, databases and other collections of data or information”.

  • True
  • False

Q23. Very few organizations use asset inventory systems to keep track of their information assets.

  • True
  • False

Q24. The asset inventory should also identify the _____.

  • sensitivity
  • security priority
  • both A & B are correct
  • neither A nor B are correct

Q25. A data classification scheme should be developed (or reviewed, if already in place) that _____

  • excludes all sensitive data with low security needs
  • includes only sensitive data with high security needs
  • classifies information assets based on their sensitivity and security needs
  • includes only sensitive data without regard to the level of security needs

Q26. At the end of the risk identification process, an organization should have _____.

  • a prioritized list of assets and a general list of threats that face the organization’s assets
  • a prioritized list of assets and a prioritized list of threats that face the organization’s assets
  • a general list of assets and a general list of threats that face the organization’s assets
  • a general list of assets and a prioritized list of threats that face the organization’s assets

Q27. For most organizations, a simple classification scheme of public, internal, and confidential is usually sufficient.

  • True
  • False

Q28. Risk _____ assigns a risk rating or score to each specific vulnerability.

  • assessment
  • evaluation
  • analysis
  • judgment

Q29. Estimating risk is _____.

  • a very precise process
  • not an exact science
  • very straightforward
  • requires little background or experience

Q30. Likelihood as used in risk management is _____.

  • the probability that a specific vulnerability will be exploited or attacked
  • the chance that a technical control will fail
  • the average number of times a system will fail
  • how much opportunity a control has to succeed

Q31. When valuing an asset, an approach that chooses from options of “Very Valuable”, “Valuable”, or “Not Valuable” would be considered as a _____ approach.

  • quantitative
  • qualitative
  • quantum
  • intangible

Q32. _____ is simply the comparison of the risk ratings to the organization’s risk appetite.

  • Risk identification
  • Risk evaluation
  • Risk treatment
  • Risk control

Q33. Each organization must establish a default risk threshold value based on their risk appetite statement.

  • True
  • False

Q34. Assets with vulnerabilities with assessed risk levels that are above the established risk threshold settings do not have to be addressed by the organization.

  • True
  • False

Q35. Risk entanglement comes from the observation that solutions for one information asset never positively or negatively affect the level of risk in other information assets.

  • True
  • False

Q36. As risk treatment begins, the organization has a list of information assets that have more risk than can be justified and needs to select an appropriate strategy to reduce risk further. Most organizations apply _____ strategies to assets with excessive residual risk.

  • single
  • at most one or two
  • multiple

Q37. Applying controls and safeguards that eliminate or reduce the remaining uncontrolled risk is the strategy known as _____.

  • mitigation
  • transference
  • acceptance
  • termination

Q38. Understanding the consequences of choosing to leave an information asset’s vulnerability facing the current level of risk, but only after a formal evaluation and intentional acknowledgment of this decision is the strategy known as _____.

  • mitigation
  • transference
  • acceptance
  • termination

Q39. _____ is a preparatory activity common to both CP and risk management. It helps the organization determine which business functions and information systems are the most critical to the success of the organization.

  • The Business Impact Analysis (BIA)
  • An Incident Response Plan
  • A Disaster Recovery Plan
  • A Risk Rating Worksheet

Q40. The point in time before a disruption or system outage to which business process data can be recovered after an outage, given the most recent backup copy of the data is called _____.

  • maximum tolerable downtime (MTD)
  • recovery point objective (RPO)
  • recovery time objective (RTO)
  • work recovery time (WRT)

Q41. The risk treatment strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q42. The risk treatment strategy that attempts to shift risk to other assets, processes, or organizations that may be accomplished by rethinking how services are offered, revising deployment models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q43. The common approaches given here to implement the mitigation risk treatment strategy include all of these EXCEPT:

  • Application of policy
  • Application of technology
  • Application of security education, training, and awareness (SETA) programs
  • All of these are common approaches

Q44. The risk treatment strategy that is based on the organization’s intentional choice not to protect an asset is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q45. The risk treatment strategy that is the decision to do nothing beyond the current level of protection to shield an information asset from risk and to accept the outcome from any resulting exploitation is known as the _____ strategy.

  • mitigation
  • transference
  • acceptance
  • termination

Q46. Sometimes, the cost of protecting an asset outweighs its value and it may be too difficult or expensive to protect an asset.

  • True
  • False

Q47. It is an acceptable response for an organization to plead ignorance and thus abdicate its legal responsibility to protect employees’ and customers’ information.

  • True
  • False

Q48. The goal of Cybersecurity is not to bring residual risk to zero; rather, it is to _____.

  • reduce risk to 10% of its initial value
  • bring residual risk in line with an organization’s risk appetite
  • bring residual risk in line with industry standards
  • bring residual risk in line with an organization’s risk boundary

Q49. After an information system is designed, the organization must determine whether the system has _____ that can be exploited

  • vulnerabilities
  • capabilities
  • features
  • utilities

Q50. To calculate a cost-benefit analysis on new controls, begin with _____ for which we would like to implement new controls.

  • estimating the cost to deploy the new control(s)
  • estimating the improvement in expected losses from using the new control(s)
  • calculating the uncertainty factor
  • calculating the value of an information asset