Risk Management Strategies

Questions and Answers

What is the primary purpose of configuration control?

• To prevent data theft and loss
• To review and manage user rights and permissions
• To ensure that only approved changes to a baseline are allowed to be implemented (correct)
• To identify and respond to incidents in an information system

What is an incident in an information system or network?

• A planned system upgrade
• An event that results in a system or network operating normally
• Any event that results in a different outcome than normal (correct)
• A routine maintenance task

What is the primary goal of user rights and permissions reviews?

• To ensure that the list of users and associated rights is complete and up to date (correct)
• To prevent data theft and loss
• To identify and respond to incidents in an information system
• To ensure that only approved changes to a baseline are allowed to be implemented

What is the primary target of most attackers?

Data (C)

What is one of the controls that can be employed to prevent data theft?

Data minimization (C)

What is a common challenge in maintaining user rights and permissions?

Keeping the list of users and associated rights complete and up to date (D)

What is the primary goal of risk mitigation strategies?

To reduce the impact of threats and hazards (C)

Which of the following is NOT a type of risk mitigation strategy?

Quality control (D)

What is the main difference between change management and configuration management?

Change management is applied at a higher level, while configuration management is applied at a lower level (B)

What is the purpose of a Change Control Board?

To approve all production changes (C)

What is configuration control?

The process of controlling changes to items that have been baselined (D)

What is the origin of change management practices?

System engineering and configuration management (D)