Introducing Security: Aligning Asset and Risk Management Coursera Quiz Answers 2022 [💯Correct Answer]

Hello Peers, today we are going to share the assessment and quiz answers for every week of the Introducing Security: Aligning Asset and Risk Management course launched by Coursera, totally free of cost. This is a certification course for every interested student.

In case you didn’t find this course for free, you can apply for financial aid to get this course totally free.

Check out this article “How to Apply for Financial Ads?”

About Coursera

Coursera, India’s biggest learning platform, launched millions of free courses for students daily. These courses are from various recognized universities, where industry experts and professors teach very well and in a more understandable way.


Here, you will find Introducing Security: Aligning Asset and Risk Management Exam Answers in Bold Color below.

These answers were updated recently and are 100% correct answers for all weekly, assessment, and final exam questions of Introducing Security: Aligning Asset and Risk Management from the Coursera Free Certification Course.

Use “Ctrl+F” to find the answer to any question. Mobile users just need to tap the three dots in the browser to get a “Find” option. Use this option to find the answer to any question.

About Introducing Security: Aligning Asset and Risk Management Course

In this course, we’re going to start by discussing security concepts, identifying corporate assets, and discussing the risk management process.

Course Apply Link – Introducing Security: Aligning Asset and Risk Management

Introducing Security: Aligning Asset and Risk Management Quiz Answers

Week 01: Introducing Security: Aligning Asset and Risk Management Quiz Answers

Knowledge Check: Improving the Risk Assessment Process.

Q.1. ISO 27001 identifies how many steps in the risk assessment process? (D3, L1.4)

  • 4
  • 5
  • 6
  • 7

Q.2. The risk reporting phase consists of which elements? (D3, L1.4)

  • Documentation of the risk
  • Creation of a risk treatment plan (RTP)
  • Creating a Statement of Applicability (SoA)
  • All of these

Knowledge Check: Gathering Accurate Data.

Q.1. What is the difference between an interview and an oral history? (D3, L1.4)

  • There is no difference.
  • Interviews require a list or series of questions presented to a user or panel, and oral histories do not.
  • Oral histories require a list or series of questions presented to a user or panel, and interviews do not.
  • Interviews are based around record sets.

Q.2. Is there a potential risk when using observations as a means of gathering data? (D3, L1.4)

  • Yes
  • No

Q.3. Using the Grounded Theory technique moves data collection away from just assumptions and places it into something that is “real,” something that people can relate to. This technique can be applied to which of the following? (D3, L1.4)

  • Oral histories
  • Interviewing
  • Analyzing artifacts
  • It applies to none of these.

Risk Treatment Quiz answer

Q.1 All of the following are acceptable options used in the treatment of risk except which one? (D3, L1.4)

  • Remove
  • Ignore
  • Reduce
  • Transfer

Q.2. Risk mitigation is the process whereby the total risk (risk before treatment) is reduced to either a residual or acceptable level. What can be introduced to proactively help to reduce risk? (D3, L1.4)

  • Countermeasures
  • Firewalls
  • IDS systems
  • Safeguards

Q.3. Is it actually possible to avoid risk?  (D3, L1.4)

  • Yes
  • No
  • Sometimes

Q.4. You have decided to outsource your file storage to a third party (perhaps a cloud service provider). However, an incident has occurred and all of your company’s confidential data has been disseminated, including customer details. Who is ultimately responsible?  (D3, L1.4)

  • The third party
  • You (the organization)
  • It depends on the SLA or contract
  • It depends on jurisdictional control

Knowledge Check: Risk Treatment Process

Q.1. Which statement best shows the comparison of residual risk and acceptable risk? (D3, L1.4)

  • Acceptable risk is the result of transferring the risk to an insurer, while residual risk is the result of sharing the risk with a third-party service provider. 
  • Residual risk is the risk not mitigated by applying a control, while acceptable risk is a risk for which no treatment actions are taken.
  • Acceptable risk is the risk not mitigated by applying a control, while residual risk is a risk for which no treatment actions are taken.
  • They are two names for the same concept, which is the risk that management chooses to do nothing about. 

Identify common risks and vulnerabilities.

Q.1. Which of the following is an example of organizational risk?  (D3, L1.3)

  • Earthquakes
  • Floods
  • Political change
  • All of these

Q.2. When considering the sources of known and emerging risks, which of the following sources can a security professional draw from that is not entirely internal? (D3, L1.3)

  • IDS/IPS systems
  • The risk registers
  • Vulnerability scans
  • Interviews

Q.3. When updating or maintaining vulnerability databases, one repository available to security professionals is the Common Vulnerabilities and Exposures (CVE). What does this repository provide? (D3, L1.3)

  • The results of private ethical penetration tests
  • Reference information about known general vulnerabilities and the potential exposures
  • Reference information on vendor-specific vulnerabilities and the potential exposures
  • The results of public ethical penetration tests 

Q.4. What is the purpose of framing risk? (D3, L1.3)  

  • Assign responsibility or blame for high-risk systems, elements, or business processes.
  • Summarize the legal and regulatory context for risk management decisions.
  • Incorporate the latest threat intelligence into risk mitigation planning.
  • Make the risk easier to understand so decisions can be made.

Chapter 1 Quiz: Introducing Security and Aligning Asset Management to Risk Management

Q.1 What is the core objective of an information security program? (D1, L1.1)

  • To support the mission of the business
  • To dictate what the business does and how to do it securely.
  • To identify employees who fail to take proper security precautions for retraining or admonishment.
  • To demonstrate that the organization is compliant with security requirements in law, regulation or contracts.

Q.2. What is meant by non-repudiation? (D1, L1.1)

  • If a user does something (e.g., sends an email), they can’t later claim that they were not the sender.
  • Controls to protect the organization’s reputation from harm due to inappropriate social media postings by employees, even if on their private accounts and personal time.
  • It is part of the rules used in RuBAC to prevent unauthorized write-up.
  • It is a security feature that prevents session replay attacks.

Q.3. Which of the following is not one of the four usual responses to risk, referred to in ISO/IEC 27005? (D3, L1.3)

  • Avoid
  • Accept
  • Mitigate
  • Remediate

Q.4. Regarding the IT asset management lifecycle, which resource is represented by the business’s people, processes, facilities, equipment, and corporate knowledge? (D1, L1.2)

  • Materials
  • Supplies
  • Assets
  • Outcomes

Q.5 What is a vulnerability? (D3, L1.3)

  • A systems component that fails under stress or wears out over time, which could lead to damage or loss.
  • A hazardous condition that could lead to a system outage.
  • A weakness in a system, service, process, or software.
  • Management decisions that underfund a security program.

Q.6. Why would we use CVSS? (D3, L1.3)

  • As part of systems security testing
  • To assess communications systems vulnerabilities
  • To share information with the security community regarding systems safety and security incidents
  • As part of risk assessment on identified or suspected vulnerabilities

Q.7. Scenario: Your organization’s chief risk officer is concerned about unintentional threat agents, or so-called self-inflicted attacks or disruptions. What advice would you offer? (D3, L1.4) 

  • These are insidious examples of insider threats and are often people who do not respond to our security education, training, and awareness efforts. We need to be more aggressive in identifying them, retraining them, or letting them go.
  • These are primarily caused by poorly designed security systems or “do-it-yourself” controls we have had to try to make do with. We need significantly more resources to get better-quality security systems to face an ever-increasing threat.
  • Whether these agents are truly unintentional or not does not matter; we need to be more aggressive at scanning our systems for vulnerabilities and get those fixed or compensated for.
  • It may be that our security procedures, education, and training just aren’t clear and complete enough; our security appliance installation and configuration documentation may also be too complicated for our people to use correctly. Let’s do a thorough review and update accordingly.

Q.7. Which of the following statements is true regarding classification and categorization? (D1, L1.2)

  • They are two names for the same security process.
  • Classification is about handling and protection of assets, while categorization is about loss, impact, or compliance mandates.
  • Categorization is a process that groups assets having similar classifications.
  • They are two names for the same process of assessing impact.

Q.8. Which of the following is a common threat modeling approach? (D3, L1.4)

  • Attacker-centric
  • Asset-centric
  • System(software)-centric
  • All of these

Q.9. You are tasked with conducting a quantitative risk assessment and are calculating the annual loss expectancy. Which of the following variables do you need to complete this calculation? (D3, L1.4)

  • SLE and ARO
  • ARO and EF
  • AV and EF
  • SLE and AV

More About This Course

Course 1 – Introducing Security and Aligning Asset Management to Risk Management

In this course, we’re going to start by discussing security concepts, identifying corporate assets, and discussing the risk management process.

Course 1 Learning Objectives

After completing this course, the participant will be able to:

L1.1 – Classify information security and security concepts.  
L1.2 – Summarize components of the asset management lifecycle. 
L1.3 – Identify common risks and vulnerabilities. 
L1.4 – Provide examples of appropriate risk treatment. 

Course Agenda

Module 1: Understand Security Concepts (Domain 1 – Security Operations and Administration)

Module 2: Participate in Asset Management (Domain 1 – Security Operations and Administration)

Module 3: Understand the Risk Management Process (Domain 3 – Risk Identification, Monitoring and Analysis)

Module 4: Understand the Risk Treatment Process (Domain 3 – Risk Identification, Monitoring and Analysis)

Who Should Take This Course:

Beginners

Experience Required:

No prior experience required

SKILLS YOU WILL GAIN

  • Asset
  • Risk Management

Conclusion

Hopefully, this article will help you find all the weekly, final assessment, and peer-graded assessment answers to the Introducing Security: Aligning Asset and Risk Management quiz on Coursera and gain some premium knowledge with less effort. If this article helped you in any way, share it with your friends on social media and let them know about this training. You can also check out our other course answers. Stay with us: we will share many more free courses and their exam/quiz solutions. Follow our Techno-RJ Blog for more updates.
