Multiple Choice
Identify the
choice that best completes the statement or answers the question.
|
|
|
1.
|
(1 point) A system stores sensitive financial data that would be valuable to
cybercriminals. How does this affect likelihood?
a. | Decreases
impact | b. | Eliminates threat | c. | Reduces motivation | d. | Increases likelihood because the asset is high
value |
|
|
|
2.
|
(1 point) A vulnerability is described as ?medium likelihood, severe impact.? What
analysis method is being used?
a. | Qualitative risk
analysis | b. | Quantitative risk analysis | c. | Financial modeling | d. | Incident
response |
|
|
|
3.
|
(1 point) A nation-state adversary has advanced capabilities and strong motivation. How
does this affect risk?
a. | It eliminates
vulnerability | b. | It guarantees prevention | c. | It increases likelihood of complex
exploitation | d. | It decreases impact |
|
|
|
4.
|
(1 point) A vulnerability requires expensive equipment and rare knowledge to exploit.
How does this affect risk?
a. | Increases
motivation | b. | Eliminates damage | c. | Increases impact | d. | Decreases likelihood |
|
|
|
5.
|
(1 point) A risk matrix assigns likelihood 3 and impact 9. What type of evaluation is
this?
a. | Quantitative risk
analysis | b. | Compliance review | c. | Qualitative risk analysis | d. | Threat
elimination |
|
|
|
6.
|
(1 point) A breach results in direct theft of $500,000. What type of damage is
this?
a. | Reputational
damage | b. | Financial damage | c. | Emotional damage | d. | Operational damage |
|
|
|
7.
|
(1 point) A system stores highly sensitive data attractive to criminals. How does this
affect likelihood?
a. | It reduces
impact | b. | It decreases motivation | c. | It increases likelihood | d. | It eliminates
risk |
|
|
|
8.
|
(1 point) A highly motivated adversary is willing to spend months developing an exploit.
How should likelihood be analyzed?
a. | Eliminated
impact | b. | Decreased likelihood | c. | Low severity | d. | Increased
likelihood |
|
|
|
9.
|
(1 point) Why do highly capable adversaries increase overall risk?
a. | They eliminate
impact | b. | They can exploit complex vulnerabilities | c. | They reduce motivation | d. | They prevent
detection |
|
|
|
10.
|
(1 point) Why must risk be analyzed from the adversary?s
perspective?
a. | Because motivation is
irrelevant | b. | Because impact determines cost only | c. | Because all assets are
equal | d. | Because attackers target assets they value
most |
|
|
|
11.
|
(1 point) A security team rates a vulnerability as ?likely high impact.? What type of
risk analysis is this?
a. | Operational
analysis | b. | Qualitative analysis | c. | Financial analysis | d. | Quantitative
analysis |
|
|
|
12.
|
(1 point) A door?s motion sensor can be triggered from the outside with a thin object.
Why is this vulnerability more likely to be exploited?
a. | It causes severe
damage | b. | It is hidden from attackers | c. | It has a simple, well-known
exploit | d. | It requires advanced skill |
|
|
|
13.
|
(1 point) A vulnerability is likely to be exploited but would only disrupt services
briefly. How should this risk be analyzed?
a. | High likelihood, moderate
impact | b. | Low likelihood, high impact | c. | Severe impact, unlikely | d. | High impact, low
likelihood |
|
|
|
14.
|
(1 point) A vulnerability is widely known and easy to trigger. How does this affect
risk?
a. | It eliminates
impact | b. | It reduces likelihood | c. | It increases likelihood | d. | It prevents
exploitation |
|
|
|
15.
|
(1 point) A vulnerability is rated 8 out of 10 for likelihood. What type of analysis is
this?
a. | Reputational
review | b. | Qualitative analysis | c. | Threat elimination | d. | Quantitative
analysis |
|
|
|
16.
|
(1 point) A vulnerability can be exploited with a simple online tutorial. What does this
indicate about risk?
a. | No
vulnerability | b. | No impact | c. | Higher likelihood of exploitation | d. | Lower likelihood of
exploitation |
|
|
|
17.
|
(1 point) Customers lose confidence after news of a breach spreads on social media. What
type of damage is this?
a. | Financial
damage | b. | Physical damage | c. | Reputational damage | d. | Hardware
damage |
|
|
|
18.
|
(1 point) A vulnerability is likely but would cause only minor inconvenience. What is
the best analysis?
a. | High impact, low
likelihood | b. | Severe impact, unlikely | c. | Low likelihood, high
impact | d. | High likelihood, low impact |
|
|
|
19.
|
(1 point) A ransomware attack stops online banking for 48 hours. What type of damage is
this?
a. | Financial
damage | b. | Reputational damage | c. | Emotional damage | d. | Operational
damage |
|
|
|
20.
|
(1 point) A flaw requires expert skill to exploit but would shut down operations if
successful. What is the best analysis?
a. | High likelihood, low
impact | b. | Low likelihood, low impact | c. | High likelihood, high
impact | d. | Low likelihood, high impact |
|
|
|
21.
|
(1 point) A vulnerability is unlikely to be exploited but would cost $2 million if
exploited. How should this risk be prioritized?
a. | Ignore due to low
likelihood | b. | Treat as low risk | c. | Focus only on likelihood | d. | Consider high impact despite low
likelihood |
|
|
|
22.
|
(1 point) A bank?s public website has a minor typo vulnerability that is easy to exploit
but would only cause slight embarrassment. How should this risk be analyzed?
a. | High likelihood, high
impact | b. | Low likelihood, low impact | c. | Low likelihood, high
impact | d. | High likelihood, low impact |
|
|
|
23.
|
(1 point) A ransomware attack shuts down banking services for two days. Which type of
damage best describes this impact?
a. | Emotional
damage | b. | Reputational damage | c. | Operational damage | d. | Regulatory
damage |
|
|
|
24.
|
(1 point) When analyzing risk, why must value be considered from the adversary?s
perspective?
a. | Because all assets have equal
value | b. | Because value only affects impact | c. | Because value determines cost of
hardware | d. | Because adversaries target assets they see as
valuable |
|
|
|
25.
|
(1 point) A risk is estimated at $250,000 in projected loss. What analysis type is
this?
a. | Technical
classification | b. | Behavioral analysis | c. | Quantitative analysis | d. | Qualitative
analysis |
|
|
|
26.
|
(1 point) An attacker can exploit a weakness with a simple online tutorial. What does
this indicate?
a. | High likelihood of
exploitation | b. | Low likelihood of exploitation | c. | No impact | d. | No
vulnerability |
|
|
|
27.
|
(1 point) A nation-state actor is highly motivated and has advanced tools. How does this
affect risk analysis?
a. | Decreases reputational
damage | b. | Eliminates financial impact | c. | Makes vulnerabilities
irrelevant | d. | Increases likelihood of complex
exploitation |
|
|
|
28.
|
(1 point) A risk matrix assigns a vulnerability a score of 3 for likelihood and 9 for
impact. What type of evaluation is this?
a. | Policy
review | b. | Threat elimination | c. | Quantitative risk
analysis | d. | Qualitative risk analysis |
|
|
|
29.
|
(1 point) A vulnerability is described as ?medium likelihood, severe impact.? What
method is used?
a. | Qualitative risk
analysis | b. | Financial modeling | c. | Patch management | d. | Quantitative risk
analysis |
|
|
|
30.
|
(1 point) Which combination represents the highest overall risk?
a. | High likelihood and low
impact | b. | High likelihood and high impact | c. | Low likelihood and low
impact | d. | Low likelihood and high impact |
|
|
|
31.
|
(1 point) A vulnerability is estimated to cause $250,000 in losses if exploited. What
type of analysis is this?
a. | Access control
review | b. | Qualitative analysis | c. | Quantitative analysis | d. | Behavioral
analysis |
|
|
|
32.
|
(1 point) A vulnerability has publicly available exploit code online. How does this
affect likelihood?
a. | Significantly increases
likelihood | b. | Reduces adversary interest | c. | Decreases likelihood | d. | Eliminates
impact |
|
|
|
33.
|
(1 point) A vulnerability is unlikely but would cost $2 million if exploited. How should
it be prioritized?
a. | Consider high impact despite low
likelihood | b. | Focus only on likelihood | c. | Treat as low risk only | d. | Ignore due to low
likelihood |
|
|
|
34.
|
(1 point) Which combination represents the greatest overall risk?
a. | Low likelihood and high
impact | b. | Low likelihood and low impact | c. | High likelihood and high
impact | d. | High likelihood and low impact |
|
|
|
35.
|
(1 point) A vulnerability in the bank?s database could expose all customer financial
records, but exploiting it requires advanced technical skill. How should this risk be
analyzed?
a. | Low likelihood, high
impact | b. | High likelihood, low impact | c. | Low likelihood, low
impact | d. | High likelihood, high impact |
|
|
|
36.
|
(1 point) A vulnerability is scored as 8 out of 10 on a risk scale. What type of risk
analysis is this?
a. | Reputational
analysis | b. | Qualitative analysis | c. | Quantitative analysis | d. | Threat
modeling |
|
|
|
37.
|
(1 point) A hacktivist group values a company?s homepage for spreading awareness. Why
does this increase likelihood of attack?
a. | The attack has no
impact | b. | The asset is high value from the adversary?s
perspective | c. | The asset is low cost to maintain | d. | The vulnerability is
eliminated |
|
|
|
38.
|
(1 point) A vulnerability has public exploit code available online. What does this
indicate about likelihood?
a. | It guarantees financial
loss | b. | It is more likely to be exploited | c. | It eliminates impact | d. | It is less likely to be
exploited |
|
|
|
39.
|
(1 point) A vulnerability is labeled ?likely high impact.? What type of analysis is
this?
a. | Operational
analysis | b. | Quantitative analysis | c. | Technical analysis | d. | Qualitative
analysis |
|
|
|
40.
|
(1 point) A vulnerability is extremely difficult to exploit. What does this suggest
about likelihood?
a. | It is
low | b. | It is certain | c. | It is high | d. | It is severe |
|
|
|
41.
|
(1 point) A hacktivist group targets a bank?s homepage to protest its investments. Why
would the homepage be considered high value from their perspective?
a. | It is easy to
secure | b. | It contains backup files | c. | It stores financial
records | d. | It supports their cause and gains public
attention |
|
|
|
42.
|
(1 point) A phishing attack results in direct monetary loss. What type of damage is
this?
a. | Physical
damage | b. | Reputational damage | c. | Operational damage | d. | Financial
damage |
|
|
|
43.
|
(1 point) A breach results in customers losing trust in the bank. What type of damage
occurred?
a. | Physical
damage | b. | Operational damage | c. | Financial damage | d. | Reputational
damage |
|
|
|
44.
|
(1 point) A data breach causes customers to lose trust in the bank and move their
accounts elsewhere. What type of damage occurred?
a. | Operational
damage | b. | Physical damage | c. | Hardware damage | d. | Reputational damage |
|
|
|
45.
|
(1 point) A vulnerability is difficult to exploit and requires expert knowledge. How
does this affect likelihood?
a. | Increases
impact | b. | Eliminates impact | c. | Decreases likelihood | d. | Increases
likelihood |
|
|
|
46.
|
(1 point) A vulnerability is easy to exploit and would expose all customer records. How
should this risk be analyzed?
a. | High likelihood, low
impact | b. | Low likelihood, low impact | c. | Low likelihood, high
impact | d. | High likelihood, high impact |
|
|
|
47.
|
(1 point) A low-skilled attacker targets a highly secure system requiring advanced
knowledge. How does this affect risk likelihood?
a. | High
impact | b. | Low likelihood | c. | Severe damage | d. | High likelihood |
|
|
|
48.
|
(1 point) News coverage of a breach causes customers to leave the bank. What type of
damage occurred?
a. | Technical
damage | b. | Operational damage | c. | Financial damage | d. | Reputational
damage |
|
|
|
49.
|
(1 point) A vulnerability requires rare knowledge and expensive tools to exploit. How
does this affect likelihood?
a. | It increases
impact | b. | It decreases likelihood | c. | It eliminates impact | d. | It increases
likelihood |
|
|
|
50.
|
(1 point) A motivated attacker is willing to spend months developing a custom exploit.
How should this affect likelihood analysis?
a. | Decreases
impact | b. | Lowers asset value | c. | Eliminates risk | d. | Increases
likelihood |
|