CompTIA Security+ Domain 5: Risk Management

1. Which concept in risk management involves determining the impact of an adverse event that may affect the assets, resources, or operations of an organization?
   A. Risk Analysis
   B. Business Impact Analysis
   C. Threat Assessment
   D. Vulnerability Scanning

2. In risk management, what does the term 'risk appetite' refer to?
   A. The total cost associated with mitigating a risk
   B. The level of risk an organization is willing to accept
   C. The probability of a risk occurring
   D. The impact a risk would have on business continuity

3. Which of the following best describes a 'risk register' in the context of risk management?
   A. A document listing all identified risks and their causes
   B. A tool for tracking the financial impact of risks
   C. A log of all security incidents that have occurred
   D. A database of all risk assessments performed

4. In the context of risk management, what is 'residual risk'?
   A. The risk remaining after all efforts to identify and eliminate risk
   B. The initial risk identified before any mitigation steps
   C. The risk transferred to a third party
   D. The risk accepted by the management without mitigation

5. What is the primary purpose of 'quantitative risk analysis' in risk management?
   A. To qualitatively determine the impact of risks
   B. To numerically analyze the probability and impact of risks
   C. To categorize risks based on their source
   D. To delegate risks to respective departments

6. Which approach in risk management prioritizes risks based on their severity and likelihood of occurrence?
   A. Risk Avoidance
   B. Risk Aggregation
   C. Risk Prioritization
   D. Risk Diversification

7. In the context of risk management, what is 'risk transference'?
   A. Reducing the risk by changing business processes
   B. Eliminating the risk by discontinuing a risky process
   C. Shifting the risk to another entity, such as an insurance company
   D. Accepting the risk as part of business operations

8. What does a 'Single Loss Expectancy' (SLE) calculation involve in risk management?
   A. Estimating the loss from a single risk over an extended period
   B. Calculating the total loss an organization can bear in a fiscal year
   C. Determining the expected monetary loss every time a specific risk occurs
   D. Summarizing all potential losses from various risks

9. In risk management, what is the primary goal of 'risk mitigation'?
   A. To transfer all identified risks to third parties
   B. To completely eliminate all risks
   C. To reduce the impact or likelihood of risks
   D. To prioritize risks based on their impact

10. Which document in risk management outlines the steps to be taken in the event of a specific risk occurrence?
    A. Risk Policy
    B. Business Impact Analysis
    C. Risk Response Plan
    D. Risk Register

11. In risk management, what is the purpose of conducting a 'gap analysis'?
    A. To identify the difference between current and desired risk management practices
    B. To calculate the financial impact of potential risks
    C. To determine the effectiveness of current security controls
    D. To identify redundant processes in risk management

12. What does 'Mean Time Between Failures' (MTBF) represent in the context of risk management?
    A. The average time for a system to recover from a failure
    B. The predicted time until a system component fails
    C. The average time between system failures
    D. The maximum tolerable downtime for a system

13. Which of the following best describes 'Qualitative Risk Analysis' in risk management?
    A. It involves numerical values to measure the probability and impact of risks
    B. It uses descriptive methods to identify and assess risks
    C. It focuses on transferring risks to third parties
    D. It calculates the total annual loss expectancy of risks

14. What is the primary focus of 'Operational Risk Management'?
    A. Managing risks associated with business strategic objectives
    B. Managing risks related to day-to-day business operations
    C. Addressing risks associated with external factors
    D. Mitigating risks related to financial investments

15. In risk management, what is 'Risk Acceptance'?
    A. Taking action to reduce the impact of a risk
    B. Choosing to bear the risk without taking actions to mitigate it
    C. Transferring the risk to another party
    D. Prioritizing risks for mitigation

16. What is a 'Risk Threshold' in the context of risk management?
    A. The maximum level of risk that an organization is willing to accept
    B. The minimum amount of risk necessary for a project to proceed
    C. The level at which a risk becomes unacceptable
    D. The financial impact level at which risk mitigation actions are triggered

17. In risk management, what is the primary purpose of 'Continuous Monitoring'?
    A. To provide real-time risk assessment
    B. To ensure compliance with regulations
    C. To constantly assess the security posture of an organization
    D. To monitor the financial performance of security investments

18. Which document in risk management outlines the overall risk strategy and policies of an organization?
    A. Risk Response Plan
    B. Business Impact Analysis
    C. Risk Management Policy
    D. Incident Response Plan

19. What role does 'Due Diligence' play in risk management?
    A. It involves taking necessary steps to identify and mitigate risks
    B. It refers to the process of transferring risks
    C. It is the practice of accepting risks that fall within the risk threshold
    D. It involves regular auditing of risk management processes

20. Which term describes the process of prioritizing risks for further analysis or action by assessing their likelihood and impact?
    A. Risk Assessment
    B. Risk Response
    C. Risk Mitigation
    D. Risk Evaluation