14 Chapter 1 ■ Security and Risk Management (Domain 1)
- The following graphic shows the NIST risk management framework with step 4 missing. What is the missing step?

[Figure: Risk Management Framework process overview. Starting point; Step 1 CATEGORIZE Information System; Step 2 SELECT Security Controls; Step 3 IMPLEMENT Security Controls; Step 4 (missing); Step 5 AUTHORIZE Information System; Step 6 MONITOR Security Controls; repeat as necessary. Inputs: Architecture Description (Architecture Reference Models, Segment and Solution Architectures, Mission and Business Processes, Information System Boundaries) and Organizational Inputs (Laws, Directives, Policy Guidance; Strategic Goals and Objectives; Priorities and Resource Availability; Supply Chain Considerations).]

A. Assess security controls.
B. Determine control gaps.
C. Remediate control gaps.
D. Evaluate user activity.

- HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP services?

A. Risk mitigation
B. Risk acceptance
C. Risk transference
D. Risk avoidance

- Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce?

A. Availability
B. Denial
C. Confidentiality
D. Integrity