Section 5.2

Demonstrate your acquired knowledge about elements of the risk management process. This will demonstrate your proficiency for section 5.2 of the Security+ SY0-701 objectives.

1. Which is an example of quantitative risk analysis?
   - Rating risk high, med, low
   - Assigning RTO goals
   - Estimating probability loss
   - Logging known threats

2. What is a risk exemption used for in a policy?
   - To fully mitigate threats
   - To bypass risk review
   - To allow accepted risks
   - To disable logging

3. Which of the following defines the longest acceptable service outage?
   - ALE
   - RTO
   - EF
   - MTBF

4. What does a recurring risk assessment help identify?
   - Baseline usage
   - Vendor credentials
   - Risk changes over time
   - Unique attack types

5. Which strategy eliminates risk by halting the vulnerable activity?
   - Accept
   - Avoid
   - Transfer
   - Assign

6. Which metric indicates expected operational time before failure?
   - RTO
   - ARO
   - MTBF
   - ALE

7. Which risk management strategy is used when an action is deemed tolerable?
   - Accept
   - Transfer
   - Avoid
   - Isolate

8. What does a risk threshold define?
   - Alert color codes
   - Acceptable deviation
   - User access roles
   - Encryption types

9. What is a key risk indicator used for?
   - Patch scheduling
   - Risk monitoring
   - Budget approval
   - Log retention

10. An RPO defines what aspect of data recovery?
   - Time to detect
   - Data age limit
   - Network priority
   - Transfer size

11. Which strategy involves outsourcing risk to another entity?
   - Accept
   - Avoid
   - Transfer
   - Mitigate

12. What does a qualitative risk analysis evaluate?
   - Financial outcomes
   - Encryption types
   - Subjective severity
   - Asset depreciation

13. Which assessment method is ongoing and adapts over time?
   - Ad hoc
   - One-time
   - Periodic
   - Continuous

14. A high ARO indicates what?
   - Rare exploitation
   - Frequent incidents
   - Risk acceptance
   - Limited exposure

15. A risk owner is accountable for which activity?
   - Identifying patch cycles
   - Avoiding backup delays
   - Managing a specific risk
   - Rejecting threat metrics

16. What does MTTR represent in risk analysis?
   - Median threat rating
   - Maximum time to response
   - Mean time to repair
   - Mission task rework

17. What would be most useful when calculating risk in financial terms?
   - Likelihood
   - ALE formula
   - Asset hash
   - Token seed

18. Which of the following risk strategies seeks to reduce risk likelihood?
   - Avoidance
   - Acceptance
   - Mitigation
   - Transfer

19. What is the primary objective of a business impact analysis?
   - Assign workstations
   - Test security patches
   - Estimate operational disruption
   - Monitor firewall metrics

20. What does the exposure factor (EF) quantify?
   - Duration of loss
   - Scope of access
   - Percentage of asset affected
   - Size of incident team

21. Which value is required to calculate annualized loss expectancy (ALE)?
   - Recovery delay
   - Threat profile
   - Annualized rate of occurrence
   - Encryption strength

22. A conservative risk appetite is likely to favor which action?
   - Risk transfer
   - Risk expansion
   - Risk acceptance
   - Risk escalation

23. What defines the organization’s general willingness to accept risk?
   - Risk exposure
   - Risk appetite
   - Risk threshold
   - Impact severity

24. Which element represents the financial impact of a single risk event?
   - Annual cost ratio
   - Mean time to fail
   - Single loss expectancy
   - Operational budget loss

25. What does a risk register primarily provide?
   - Compliance scorecard
   - Incident checklist
   - Catalog of known risks
   - Technical workaround