Risk Management Strategies

Questions and Answers

What is the primary purpose of configuration control?

To prevent data theft and loss

To review and manage user rights and permissions

To ensure that only approved changes to a baseline are allowed to be implemented (correct)

To identify and respond to incidents in an information system

What is an incident in an information system or network?

A planned system upgrade

An event that results in a system or network operating normally

Any event that results in a different outcome than normal (correct)

A routine maintenance task

What is the primary goal of user rights and permissions reviews?

To ensure that the list of users and associated rights is complete and up to date (correct)

To prevent data theft and loss

To identify and respond to incidents in an information system

To ensure that only approved changes to a baseline are allowed to be implemented

What is the primary target of most attackers?

Data

What is one of the controls that can be employed to prevent data theft?

Data minimization

What is a common challenge in maintaining user rights and permissions?

Keeping the list of users and associated rights complete and up to date

What is the primary goal of risk mitigation strategies?

To reduce the impact of threats and hazards

Which of the following is NOT a type of risk mitigation strategy?

Quality control

What is the main difference between change management and configuration management?

Change management is applied at a higher level, while configuration management is applied at a lower level

What is the purpose of a Change Control Board?

To approve all production changes

What is configuration control?

The process of controlling changes to items that have been baselined

What is the origin of change management practices?

System engineering and configuration management