1. What is the goal or objective of an IT risk management plan?

A) To determine the cost of implementing countermeasures.

B) To analyze hacker threats to match those threats to found system vulnerabilities.

C) To assist organizations in handling risk management for their IT infrastructure and treat all unknown risks.

D) To automatically shut down Internet access if hacking activity is discovered in real-time.

2. Which of the choices below are NOT one of the five fundamental components of an IT risk management plan?

A) Risk assessment

B) Risk discovery

C) Risk assessment

D) Risk monitoring

3. Risk planning is...

A) The process of using the cost-benefit analysis formulas to determine the greatest risk.

B) The process of analyzing the impact of storm damage on a facility.

C) The process of anticipating risk assessment costs.

D) The process of organizing how to conduct risk management

4. Which step is to be done first in performing risk management:

A) Risk identification

B) Risk assessment

C) Risk response such as avoidance

D) Risk planning

5. Which choice below indicates the action of measuring or determining how significant a risk is?

A) Risk mitigation

B) Risk assessment

C) Risk transfer

D) Cost Benefit Analysis

6. Which practice helps address risks?

A) Risk assessment

B) Risk deployment

C) Risk response

D) Risk avoidance

7. What ongoing practice helps track risk in real time?

A) Risk monitoring

C) Confidentiality, integrity, and availability

E) Risk assessment

D) Risk determinant

8. True or False: Once all of the steps in risk management are completed (identification, assessment, response, monitoring) the task of risk management is finished.

A) True

B) False

9. Why is it a good idea to establish a risk management plan team?

A) Because the team will be instrumental in completing the cost benefit analysis

B) Because the team will be needed to convince the executive management to complete the risk management assessment.

C) Because a team is needed to maintain momentum and keep the company excited about completing the risk management plan.

D) Because the team must be able to cover all of the IT domains. The scope and boundary of an IT risk management plan can be very large.

10. Of the 7 IT domains, which domain is the most difficult to identify, assess, and monitor risk in?

A) Workstation domain

B) User domain

C) WAN domain

D) Systems/Applications domain

11. In the lab work, how did the risk identification and risk assessment of the identified risks, threats, and vulnerabilities help your IT risk management plan outline?

A) Because the textbook tracts along with the lab manual

B) Because the table in step 13 pointed out 21 risks, threats, and vulnerabilities which identified risk and their impacts. Risk response must focus on immediate action where needed, followed by a plan for ongoing response.

C) Because risk response is based on the findings from vulnerability analysis in the last chapter.

D) It was no help. There is no correlation.