Module 4: Risk Management

Module 4 Assessment


Indicate whether the statement is true or false.

____ 1. NIST developed the Cybersecurity Framework as a mandatory set of standards to manage risks to critical infrastructure.

____ 2. Risk tolerance is the acceptable level of risk a company is willing to take.


Multiple Choice

Identify the choice that best completes the statement or answers the question.

____ 3. Which of the following is not considered a basic security service?

a. Confidentiality
b. Authentication
c. Integrity
d. Network Security


____ 4. All of the following are standards defined in the NERC CIP standards, except:

a. Personnel and Training
b. Sabotage Reporting
c. Authentication and Access Controls
d. Recovery Plans for Critical Cyber Assets


____ 5. Continuous Monitoring activities occur under which Framework Core activity?

a. Identify
b. Detect
c. Respond
d. Protect


____ 6. An impact analysis is a part of which step in the risk management process?

a. Risk control
b. Risk assessment
c. Risk identification
d. Risk mitigation


____ 7. Which risk handling method reduces the likelihood of the risk occurring to as low as zero?

a. Mitigation
b. Avoidance
c. Transference
d. Acceptance


Multiple Response

Select all the choices that apply.

____ 8. Which of the following are a part of the Framework Processes?

a. Framework Profile
b. Framework Drivers
c. Framework Implementation Tiers
d. Framework Core Functions



Complete each sentence.

9. The Framework ________________ provide background on how an organization views cybersecurity risk and the processes that are in place to manage that risk.

10. ____________________ is defined as the process of identifying vulnerabilities and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of the information system.





For the answers to these questions, email your name, the name of your college or other institution, and your position there to CyberWatch West will email you a copy of the answer key.


Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.