Cybrary Questions that Drive me crazy. Risk Management

Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
I want to discuss these questions to learn why I am picking the wrong answer.
https://tostudyguidesecurity.school.blog/2016/12/20/cybrary-risk-management-questions-to-review/

Comments

  • 636-555-3226 Member Posts: 976 ■■■■■□□□□□
    There are 40 questions on there. You want to discuss ALL of them?
  • PJ_Sneakers CompTIA, EC-Council, ISACA, (ISC)², Microsoft USA Member Posts: 879 ■■■■■■□□□□
    I'm not sure what all the red marks are supposed to mean, honestly. Are those the answers you chose or the answers you got wrong?
  • cyberguypr Senior Member Mod Posts: 6,882 Mod
    I've sent my boss a vacation request so I can take time and discuss each one. I'll let you know once approved.
  • lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    I'll help with a few and that is it.

    #12 - What should be done with residual risk?
    Risk cannot totally be eliminated so you have options
    a) Accept it (management approval, of course)
    b) Spend more money for more countermeasures to reduce it to an acceptable level

    Think of it like seat belts. You add seat belts to the vehicle to reduce risks but there are still residual risks, such as head and bodily injury. So you would spend more money and adopt the use of air bags to help further reduce the risk to an acceptable level.

    #18 - Which of the following would be the best mitigation strategy to limit the success of spoofed messages?
    a) Think non-repudiation here. What provides non-repudiation?

    #28 - Which of the following is not part of risk analysis?
    a) Assets, threats and vulnerabilities are all part of risk analysis
    b) Countermeasures come all the way at the end after you have completed likelihood determination and impact analysis. This is where controls or countermeasures are recommended. Might be confusing as risk analysis and selecting controls all fall under the ultimate concept of risk management.
    Bachelor of Science: Computer Science | Hawaii Pacific University
    CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    Thank you. As you said - these questions are not so clear...
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    I chose the red ones. But for some questions I am not sure which is the most correct.
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    Feel free to choose the most difficult ones, because I have answered 55% of the questions. I'm just not sure which ones are wrong, and for others I have doubts about which is the right one.
  • lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    What are these practice questions for? I see some stuff that I have studied for before.

    #13 Warehouse is 1mil, and that is the Asset Value (AV)
    40% of the warehouse would be damaged if a fire were to occur and that would be the exposure factor (EF)
    To get Single loss expectancy (SLE), the equation is AV * EF = 400k
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    Yes. I did that for exposure factor. What do you think of how this question was built?
  • lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    I don't see anything wrong with any of the questions.
  • th_fusion123 Registered Users Posts: 3 ■□□□□□□□□□
    Another question on the test is:
    Which of the following is out of place:

    1) High, medium, low rankings
    2) Subjective intuition
    3) Objective opinions
    4) Quantitative value

    Wouldn't the correct answer be 4) Quantitative value, since the other three are related to Qualitative items?
  • lucky0977 Senior Member Member Posts: 218 ■■■■□□□□□□
    th_fusion123 wrote: »
    Another question on the test is:
    Which of the following is out of place:

    1) High, medium, low rankings
    2) Subjective intuition
    3) Objective opinions
    4) Quantitative value

    Wouldn't the correct answer be 4) Quantitative value, since the other three are related to Qualitative items?

    No, you should clearly see that they are talking about Quantitative and Qualitative analysis. The answer is #3.
    Why? Because #1/2 are qualitative and 3/4 are quantitative. But there is something wrong with #3, can you spot it?
    Being objective in a qualitative analysis means basing everything on facts being uninfluenced by personal feelings or interpretations.

    Qualitative = subjective | Quantitative = objective
  • clarkincnet Member Posts: 257 ■■■□□□□□□□
    cyberguypr wrote: »
    I've sent my boss a vacation request so I can take time and discuss each one. I'll let you know once approved.

    ... freaking awesome
    LOL
    Give a hacker an exploit, and they will have access for a day, BUT teach them to phish, and they will have access for the rest of their lives!

    Have: CISSP, CISM, CRISC, CGEIT, ITIL-F
  • th_fusion123 Registered Users Posts: 3 ■□□□□□□□□□
    I'm also struggling with the Cybrary Risk Management questions. Were you able to discuss your questions with anyone? If so, did it help?
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    th_fusion123 wrote: »
    I'm also struggling with the Cybrary Risk Management questions. Were you able to discuss your questions with anyone? If so, did it help?

    Let's review each question together. What do you think? I sent an email to Kelly (instructor) and she agreed to help me review some of them.
  • _netmon Level 99 Wizard Mod Posts: 878 Mod
    cyberguypr wrote: »
    I've sent my boss a vacation request so I can take time and discuss each one. I'll let you know once approved.

    Savage!
    2020 goals: Server 2016 MCSA/MCSE (70-740, 70-741, 70-742, 70-744), Powershell training
    2021 goals: RHCSA/RHCE, AWS, Python training

    Train people well enough so they can leave, treat them well enough so they don't want to. - Richard Branson
  • th_fusion123 Registered Users Posts: 3 ■□□□□□□□□□
    Just checking. Did you get a chance to discuss these questions with others? If so, I would also like to discuss these questions.
    Thanks
  • Morgi0noCativo Member Posts: 19 ■□□□□□□□□□
    th_fusion123 wrote: »
    Just checking. Did you get a chance to discuss these questions with others? If so, I would also like to discuss these questions.
    Thanks

    I am waiting for the answer from Kelly (the teacher); meanwhile, my email for chat is [email protected]. I would suggest picking the ones we have more difficulty with and starting to ask here. Like - I am not sure about this question:





    I did some research and I found this explanation. What do you think?

