What is the risk level if you use a 5 scale (very low, low, moderate, high, very high) for probability and for impact, and the probability is very low and the impact is high?
|
1 |
||
|
5 |
||
|
4 |
||
|
25 |
Which is not a true statement about a system security plan?
|
Does not need to be updated |
||
|
Prepared by the system owner or security officer |
||
|
Describes the security controls in place for meeting requirements |
||
|
Provides an overview of the security requirements |
Once a threat has been identified and controls are in place the threat has been removed, will not occur.
True
False
Which is not an approach to mitigating threats?
| a. |
access controls |
|
| b. |
optional patches |
|
| c. |
insurance |
|
| d. |
training |
Following is the answer:
What is the risk level if you use a 5 scale (very low, low, moderate, high, very high) for probability and for impact, and the probability is very low and the impact is high?
25
Which is not a true statement about a system security plan?
Does not need to be updated
Once a threat has been identified and controls are in place the threat has been removed, will not occur.
True
Which is not an approach to mitigating threats?
optional patches
What is the risk level if you use a 5 scale (very low, low, moderate, high,...