FEDVTE Fundamentals of Cyber Risk Management
Assessment Questions and Answers
Which of the following families of controls belong to the technical class of controls? -
Correct AnswerIdentification and Authentication
Which of the following is a management strategy for addressing risk? - Correct
AnswerAccept
Cyber risk management solutions are typically done through which categories of
security controls? - Correct AnswerTechnical, Physical, Administrative
There are agreements organizations may enter into where one party is willing to accept
an amount of risk from another. That transfer is a strategy for managing risk. - Correct
AnswerTRUE
Which security principle is concerned with the unauthorized modification of important or
sensitive information? - Correct AnswerIntegrity
Simulating attack from a malicious source could be part of penetration testing. - Correct
AnswerTRUE
Which of the following is an example of a physical control? - Correct AnswerSecurity
guard
Incident response planning phase 1 (preparation) calls for: - Correct AnswerNot B or C
The inputs (threat source motivation, threat capacity, nature of vulnerability, and current
controls) will aid in generating output used in which step of the NIST SP risk
assessment guidance? - Correct AnswerLikelihood Determination
The threat-source is motivated and capable, but controls are in place that may impede
successful exercise of the vulnerability. Which likelihood rating does this describe? -
Correct AnswerMedium
Which technical control places publicly accessible servers in a special network
separated from the internal network? - Correct AnswerDe-militarized Zone
Establishing the context and providing common perspective on how organizations
manage risk is the goal of: - Correct AnswerRisk Framing
