Information Security MCQs with Answers

Practice important Information Security MCQs with answers and explanations.

Multiple Choice Questions

Q511: What are the five basic strategies for controlling risks?
  • A: Defend, Transfer, Mitigate, Accept, Terminate
  • B: Assess, Control, Avoid, Monitor, Terminate
  • C: Defend, Monitor, Evaluate, Accept, Transfer
  • D: Defend, Avoid, Transfer, Evaluate, Mitigate
Answer: A

Q512: What strategy involves shifting risk to other processes or organizations?
  • A: Defend
  • B: Transfer
  • C: Mitigate
  • D: Accept
Answer: B

Q513: Which control strategy aims to reduce the impact of vulnerability exploitation?
  • A: Defend
  • B: Transfer
  • C: Mitigate
  • D: Terminate
Answer: C

Q514: What does the acceptance strategy involve?
  • A: Reducing the impact of vulnerabilities
  • B: Avoiding risky activities
  • C: Understanding consequences and accepting the risk
  • D: Transferring risk to another entity
Answer: C

Q515: Which strategy would involve implementing security controls to prevent exploitation?
  • A: Defend
  • B: Transfer
  • C: Mitigate
  • D: Accept
Answer: A

Q516: What is the primary goal of the terminate strategy?
  • A: To accept risks without controls
  • B: To avoid business activities with uncontrollable risks
  • C: To transfer risk to an outside party
  • D: To reduce the impact of vulnerabilities
Answer: B

Q517: What are the common methods used in the defend strategy?
  • A: Policy, Education, Technology
  • B: Insurance, Outsourcing, Contracts
  • C: Training, Outsourcing, Risk Management
  • D: Policies, Risk Analysis, Insurance
Answer: A

Q518: What is a common method used in the mitigation strategy?
  • A: Incident Response Plan
  • B: Outsourcing
  • C: Insurance
  • D: Transference
Answer: A

Q519: What does the cost-benefit analysis (CBA) formula measure?
  • A: Cost avoidance and control effectiveness
  • B: The cost of implementing security measures
  • C: The annualized loss expectancy and safeguard cost
  • D: The impact of vulnerability on asset value
Answer: C

Q520: What should be included in the risk control strategy selection process?
  • A: Assessing risk appetite
  • B: Choosing a technology solution
  • C: Selecting between defend, transfer, mitigate, accept, terminate
  • D: Outsourcing decision criteria
Answer: C
