SSCP: Risk, Response, and Recovery
20 Questions

1. You are completing a risk assessment using historical data. You
2. Which of the following choices best represents the definition of risk?
3. Which of the following formulas will determine the annual loss expectancy (ALE)?
4. Which of the following choices best represents the definition of risk?
5. Of the following choices, which one most accurately reflects differences between risk management and a risk assessment?
6. An organization has implemented several controls to mitigate risks. However, some risk remains. What is the name of the remaining risk?
7. What should an organization do when the cost of a control exceeds the cost of a risk?
8. What is the first phase in incident response?
9. You are completing a risk assessment using historical data. You
10. What is the first phase in incident response?
11. You are involved in risk management activities within your organization. Of the following activities, which one is the best choice to reduce risk?
12. A risk assessment recommended several controls to mitigate risks, but only some of the controls were accepted and implemented. Who is responsible for any losses that occur from the remaining risk?
13. Which of the following choices identify valid threat sources?
14. What is the purpose of risk management?
15. An organization has recently suffered an attack resulting in monetary losses. Security professionals within the organization identified the tactics, techniques, and procedures used by the attackers and successfully eradicated all elements of the attack. What should these security professionals do with the knowledge they gained while mitigating this attack?
16. Which of the following helps ensure that an organization focuses risk management resources only on the most serious risks?
17. Which of the following choices identify valid threat sources?
18. Which of the following is a type of risk assessment that attempts to predict an attack?
19. An organization has recently suffered an attack resulting in monetary losses. Security professionals within the organization identified the tactics, techniques, and procedures used by the attackers and successfully eradicated all elements of the attack. What should these security professionals do with the knowledge they gained while mitigating this attack?
20. You decide to manage risk by purchasing insurance to cover any losses. Which one of the following risk management treatments are you using?