Cybrary Questions that Drive me crazy. Risk Management

in Security+
I want to discuss these questions to learn why I am picking the wrong answer.
https://tostudyguidesecurity.school.blog/2016/12/20/cybrary-risk-management-questions-to-review/
Comments
#12 - What should be done with residual risk?
Risk cannot totally be eliminated so you have options
a) Accept it (management approval, of course)
b) Spend more money for more countermeasures to reduce it to an acceptable level
Think of it like seat belts. You add seat belts to the vehicle to reduce risks but there are still residual risks, such as head and bodily injury. So you would spend more money and adopt the use of air bags to help further reduce the risk to an acceptable level.
#18 - Which of the following would be the best mitigation strategy to limit the success of spoofed messages.
a) Think non-repudiation here. What provides non-repudiation?
#28 - Which of the following is not part of risk analysis?
a) Assets, threats and vulnerabilities are all part of risk analysis
b) Countermeasures come all the way at the end after you have completed likelihood determination and impact analysis. This is where controls or countermeasures are recommended. Might be confusing as risk analysis and selecting controls all fall under the ultimate concept of risk management.
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
#13 Warehouse is 1mil, and that is the Asset Value (AV)
40% of the warehouse would be damaged if a fire were to occur and that would be the exposure factor (EF)
To get Single loss expectancy (SLE), the equation is AV * EF = 400k
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
Which of the following is out of place:
1) High, medium, low rankings
2) Subjective intuition
3) Objective opinions
4) Quantitative value
Wouldn't the correct answer be 4) Quantitative value since the other three are related to Qualitative items?
No, you should clearly see that they are talking about Quantitative and Qualitative analysis. The answer is #3
Why? Because #1/2 are qualitative and 3/4 are quantitative. But there is something wrong with #3, can you spot it?
Being objective in a qualitative analysis means basing everything on facts being uninfluenced by personal feelings or interpretations.
Qualitative = subjective | Quantitative = objective
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
... freaking awesome
LOL
Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
Let's review each question together. What do you think? I sent an email to Kelly (instructor) and she agreed to help me to review some of them.
Thanks
I am waiting for the answer from Kelly (the teacher), meanwhile, my email for chat is [email protected]. I would suggest to pick the ones we have more difficulty with and start to ask here. Like - I am not sure about this question:
I did some research and I found this explanation. What do you think?